CVE-2007-0268 - Vulnerability Details - OpenCVE

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oracle	Database Server

Configuration 1 [-]

OR	cpe:2.3:a:oracle:database_server:9.0.1.5:::::::*
	cpe:2.3:a:oracle:database_server:9.2.0.7:::::::*
	cpe:2.3:a:oracle:database_server:10.1.0.5:::::::*

No data.

References

Link	Providers
http://osvdb.org/32907
http://osvdb.org/32913
http://osvdb.org/32921
http://secunia.com/advisories/23794
http://securitytracker.com/id?1017522
http://www.kb.cert.org/vuls/id/221788
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html
http://www.securityfocus.com/archive/1/458005/100/0/threaded
http://www.securityfocus.com/archive/1/458475/100/100/threaded
http://www.securityfocus.com/bid/22083
http://www.us-cert.gov/cas/techalerts/TA07-017A.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/31541

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-17T02:00:00

Updated: 2024-08-07T12:12:17.458Z

Reserved: 2007-01-16T00:00:00

Link: CVE-2007-0268

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-01-17T02:28:00.000

Modified: 2024-11-21T00:25:23.927

Link: CVE-2007-0268

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-01-16T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "32913", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32913"}, {"name": "20070129 Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/458475/100/100/threaded"}, {"name": "23794", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23794"}, {"name": "32921", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32921"}, {"name": "22083", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22083"}, {"name": "VU#221788", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/221788"}, {"name": "32907", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32907"}, {"name": "20070124 Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/458005/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"}, {"name": "TA07-017A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html"}, {"name": "oracle-cpu-jan2007(31541)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541"}, {"tags": ["x_refsource_MISC"], "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"}, {"name": "1017522", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017522"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0268", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "32913", "refsource": "OSVDB", "url": "http://osvdb.org/32913"}, {"name": "20070129 Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/458475/100/100/threaded"}, {"name": "23794", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23794"}, {"name": "32921", "refsource": "OSVDB", "url": "http://osvdb.org/32921"}, {"name": "22083", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22083"}, {"name": "VU#221788", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/221788"}, {"name": "32907", "refsource": "OSVDB", "url": "http://osvdb.org/32907"}, {"name": "20070124 Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/458005/100/0/threaded"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"}, {"name": "TA07-017A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html"}, {"name": "oracle-cpu-jan2007(31541)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541"}, {"name": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html", "refsource": "MISC", "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"}, {"name": "1017522", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017522"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:12:17.458Z"}, "title": "CVE Program Container", "references": [{"name": "32913", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/32913"}, {"name": "20070129 Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/458475/100/100/threaded"}, {"name": "23794", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23794"}, {"name": "32921", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/32921"}, {"name": "22083", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22083"}, {"name": "VU#221788", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/221788"}, {"name": "32907", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/32907"}, {"name": "20070124 Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/458005/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"}, {"name": "TA07-017A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html"}, {"name": "oracle-cpu-jan2007(31541)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"}, {"name": "1017522", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017522"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0268", "datePublished": "2007-01-17T02:00:00", "dateReserved": "2007-01-16T00:00:00", "dateUpdated": "2024-08-07T12:12:17.458Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:database_server:9.0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "B6C67572-800C-4214-AD12-E9017A9A5BAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:database_server:9.2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F7847CEB-DD8D-45A0-B500-95D511110FB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03A522A3-07D7-481F-A538-EA3D13256F63", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en Oracle Database versiones 9.0.1.5, 9.2.0.7 y 10.1.0.5 tienen vectores de impacto y ataque desconocidos relacionados con (1) el componente Advanced Queue Server y los privilegios sys.dbms_aqsys.dbms_aq (DB01), (2) Advanced Replication and sys.dbms_ repcat_untrusted (DB07) y (3) Oracle Text y ctxload (DB15). NOTA: Oracle no ha reclamado p\u00fablicamente por investigadores confiables de que DB01 es para inyecci\u00f3n SQL en el SYS. DBMS_AQ_INV y DB07 es para un desbordamiento de b\u00fafer en el procedimiento UNREGISTER_SNAPSHOT en el paquete DBMS_REPCAT_UNTRUSTED."}], "id": "CVE-2007-0268", "lastModified": "2024-11-21T00:25:23.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-17T02:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/32907"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32913"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32921"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/23794"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017522"}, {"source": "cve@mitre.org", "tags": ["Patch", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/221788"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"}, {"source": "cve@mitre.org", "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/458005/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/458475/100/100/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/22083"}, {"source": "cve@mitre.org", "tags": ["Patch", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32907"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32913"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32921"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/23794"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017522"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/221788"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/458005/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/458475/100/100/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/22083"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}