National Cyber Awareness System

Vulnerability Summary for CVE-2008-1813

Overview

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB06 is SQL injection, and DB13 occurs when the OUTLN account is reset to use a hard-coded password.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: XF

Name: oracle-database-queryop-default-password(41995)

Hyperlink:http://xforce.iss.net/xforce/xfdb/41995

External Source: XF

Name: oracle-database-export-info-disclosure(41994)

Hyperlink:http://xforce.iss.net/xforce/xfdb/41994

External Source: XF

Name: oracle-database-sdogeom-sql-injection(41993)

Hyperlink:http://xforce.iss.net/xforce/xfdb/41993

External Source: XF

Name: oracle-database-corerdbms-unspecified(41992)

Hyperlink:http://xforce.iss.net/xforce/xfdb/41992

External Source: XF

Name: oracle-database-dbmsaq-unspecified(41991)

Hyperlink:http://xforce.iss.net/xforce/xfdb/41991

External Source: XF

Name: oracle-cpu-april-2008(41858)

Hyperlink:http://xforce.iss.net/xforce/xfdb/41858

External Source: VUPEN

Name: ADV-2008-1267

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2008/1267/references

External Source: VUPEN

Name: ADV-2008-1233

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2008/1233/references

External Source: SECTRACK

Name: 1019855

Hyperlink:http://www.securitytracker.com/id?1019855

External Source: HP

Name: SSRT061201

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/491024/100/0/threaded

External Source: HP

Name: SSRT061201

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/491024/100/0/threaded

External Source: BUGTRAQ

Name: 20080416 Oracle - Hardcoded Password and Password Reset of OUTLN User [DB13]

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/490950/100/0/threaded

External Source: BUGTRAQ

Name: 20080416 Oracle - SQL Injection in package SDO_GEOM [DB06]

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/490919/100/0/threaded

External Source: MISC

Name: http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_geom.html

Hyperlink:http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_geom.html

External Source: MISC

Name: http://www.red-database-security.com/advisory/oracle_outln_password_change.html

Hyperlink:http://www.red-database-security.com/advisory/oracle_outln_password_change.html

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html

Hyperlink:http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html

External Source: SECUNIA

Name: 29874

Type: Advisory

Hyperlink:http://secunia.com/advisories/29874

External Source: SECUNIA

Name: 29829

Type: Advisory

Hyperlink:http://secunia.com/advisories/29829