Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 18/04/2007 Updated: 16/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote malicious users to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided even though all users are authenticated as Guest, which allows remote malicious users to gain privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows
oracle database_server 10.2.0.2
oracle database_server 9.0.1.5
oracle database_server 9.2.0.8
oracle database_server 10.1.0.5

CWE-264 NVD-CWE-noinfo http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf http://www.ngssoftware.com/papers/database-on-xp.pdf http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html http://www.kb.cert.org/vuls/id/809457 http://www.securitytracker.com/id?1017927 http://www.us-cert.gov/cas/techalerts/TA07-108A.html http://www.securityfocus.com/bid/23532 http://www.vupen.com/english/advisories/2007/1426 http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html http://www.securityfocus.com/archive/1/466329/100/200/threaded https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-2108

Vulnerability Summary

References

Vulmon Search

About

Products

Connect