QwikSec

Security Database

CVE

CWE

Training

CVE-2007-3855

Published: Jul 18, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). NOTE: a reliable researcher claims that DB17 is for using Views to perform unauthorized insert, update, or delete actions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_HP

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html

x_refsource_CONFIRM

third-party-advisory

x_refsource_CERT

third-party-advisory

x_refsource_SREASON

http://rawlab.mindcreations.com/codes/exp/oracle/bunkerview.sql

x_refsource_MISC

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_VUPEN

oracle-unauth-view-access(35495)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_HP

http://www.red-database-security.com/advisory/oracle_view_vulnerability.html

x_refsource_MISC

20070721 Oracle bad Views - Exploit released

mailing-list

x_refsource_BUGTRAQ

oracle-cpu-july2007(35490)

vdb-entry

x_refsource_XF

http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

20070718 Oracle Security: Insert / Update / Delete Data via Views

mailing-list

x_refsource_BUGTRAQ

http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.