Vulnonym.org

CVE-2008-1813 - Isotactic Termination

Description

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB06 is SQL injection, and DB13 occurs when the OUTLN account is reset to use a hard-coded password.

Reference

http://www.securitytracker.com/id?1019855
http://secunia.com/advisories/29874
http://www.red-database-security.com/advisory/oracle_outln_password_change.html
http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_geom.html
http://secunia.com/advisories/29829
http://www.vupen.com/english/advisories/2008/1267/references
http://www.vupen.com/english/advisories/2008/1233/references
http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/41995
https://exchange.xforce.ibmcloud.com/vulnerabilities/41994
https://exchange.xforce.ibmcloud.com/vulnerabilities/41993
https://exchange.xforce.ibmcloud.com/vulnerabilities/41992
https://exchange.xforce.ibmcloud.com/vulnerabilities/41991
https://exchange.xforce.ibmcloud.com/vulnerabilities/41858
http://www.securityfocus.com/archive/1/491024/100/0/threaded
http://www.securityfocus.com/archive/1/490950/100/0/threaded
http://www.securityfocus.com/archive/1/490919/100/0/threaded