Vulnerability Name:

CVE-2007-0268 (CCN-31541)

Assigned:2007-01-16
Published:2007-01-16
Updated:2018-10-16
Summary:Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15).
Note: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.
CVSS v3 Severity:5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
5.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
5.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Informational
References:Source: MITRE
Type: CNA
CVE-2007-0268

Source: MITRE
Type: CNA
CVE-2007-0269

Source: MITRE
Type: CNA
CVE-2007-0270

Source: MITRE
Type: CNA
CVE-2007-0271

Source: MITRE
Type: CNA
CVE-2007-0272

Source: MITRE
Type: CNA
CVE-2007-0273

Source: MITRE
Type: CNA
CVE-2007-0274

Source: MITRE
Type: CNA
CVE-2007-0275

Source: MITRE
Type: CNA
CVE-2007-0276

Source: MITRE
Type: CNA
CVE-2007-0277

Source: MITRE
Type: CNA
CVE-2007-0278

Source: MITRE
Type: CNA
CVE-2007-0279

Source: MITRE
Type: CNA
CVE-2007-0280

Source: MITRE
Type: CNA
CVE-2007-0281

Source: MITRE
Type: CNA
CVE-2007-0282

Source: MITRE
Type: CNA
CVE-2007-0283

Source: MITRE
Type: CNA
CVE-2007-0284

Source: MITRE
Type: CNA
CVE-2007-0285

Source: MITRE
Type: CNA
CVE-2007-0286

Source: MITRE
Type: CNA
CVE-2007-0287

Source: MITRE
Type: CNA
CVE-2007-0288

Source: MITRE
Type: CNA
CVE-2007-0289

Source: MITRE
Type: CNA
CVE-2007-0290

Source: MITRE
Type: CNA
CVE-2007-0291

Source: MITRE
Type: CNA
CVE-2007-0292

Source: MITRE
Type: CNA
CVE-2007-0293

Source: MITRE
Type: CNA
CVE-2007-0294

Source: MITRE
Type: CNA
CVE-2007-0295

Source: MITRE
Type: CNA
CVE-2007-0296

Source: MITRE
Type: CNA
CVE-2007-0297

Source: OSVDB
Type: UNKNOWN
32907

Source: OSVDB
Type: UNKNOWN
32913

Source: OSVDB
Type: UNKNOWN
32921

Source: CCN
Type: SA23794
Oracle Products Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
23794

Source: CCN
Type: SECTRACK ID: 1017522
Oracle Database and Other Products Have 52 Unspecified Vulnerabilities With Unspecified Impact

Source: SECTRACK
Type: UNKNOWN
1017522

Source: CCN
Type: US-CERT VU#221788
Oracle SYS.DBMS_AQ package vulnerable to PL/SQL injection

Source: CERT-VN
Type: Patch, US Government Resource
VU#221788

Source: CCN
Type: Oracle Critical Patch Update - January 2007
Oracle Critical Patch Update Advisory - January 2007

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html

Source: CCN
Type: OSVDB ID: 32872
Oracle PeopleSoft PeopleTools PIA Component HTTP Unspecified Remote DoS

Source: CCN
Type: OSVDB ID: 32873
Oracle PeopleSoft PeopleTools PIA Component HTTP Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32874
Oracle PeopleSoft PeopleTools HTTP Unspecified Authenticated XSS

Source: CCN
Type: OSVDB ID: 32880
Oracle Enterprise Manager Cloning & Data Guard Management Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32881
Oracle HTTP Server SSL Module Unspecified Remote Issue (OHS01)

Source: CCN
Type: OSVDB ID: 32882
Oracle HTTP Server SSL Module Unspecified Remote Issue (OHS02)

Source: CCN
Type: OSVDB ID: 32883
Oracle HTTP Server Unspecified Issue (OHS03)

Source: CCN
Type: OSVDB ID: 32884
Oracle HTTP Server Unspecified Issue (OHS04)

Source: CCN
Type: OSVDB ID: 32885
Oracle HTTP Server SSL Module Unspecified Remote DoS (OHS05)

Source: CCN
Type: OSVDB ID: 32886
Oracle HTTP Server SSL Module Unspecified Remote DoS (OHS06)

Source: CCN
Type: OSVDB ID: 32887
Oracle HTTP Server Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32888
Oracle E-Business Suite Application Object Library HTTP Authenticated Unspecified Issue

Source: CCN
Type: OSVDB ID: 32889
Oracle E-Business Suite Exchange HTTP Negotiations User Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32890
Oracle E-Business Suite Human Resources Administrator Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32891
Oracle E-Business Suite Payables User Account Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32892
Oracle E-Business Suite Trading Community Architecture Administrator Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32893
Oracle E-Business Suite Web Applications Desktop Integrator Unspecified Issue

Source: CCN
Type: OSVDB ID: 32894
Oracle Multiple Products Reports Developer HTTP Unspecified Issue

Source: CCN
Type: OSVDB ID: 32895
Oracle Multiple Products Containers for J2EE HTTP Unspecified Issue (OC4J01)

Source: CCN
Type: OSVDB ID: 32896
Oracle Multiple Products Containers for J2EE HTTP Unspecified Issue (OC4J02)

Source: CCN
Type: OSVDB ID: 32897
Oracle Multiple Products Containers for J2EE HTTP Unspecified Information Disclosure (OC4J03)

Source: CCN
Type: OSVDB ID: 32898
Oracle Multiple Products Containers for J2EE HTTP Unspecified Issue (OC4J04)

Source: CCN
Type: OSVDB ID: 32899
Oracle Collaboration Suite Containers for J2EE HTTP Unspecified Information Disclosure (OC4J05)

Source: CCN
Type: OSVDB ID: 32900
Oracle Collaboration Suite Containers for J2EE HTTP Unspecified Issue (OC4J06)

Source: CCN
Type: OSVDB ID: 32901
Oracle Multiple Products Containers for J2EE Unauthenticated Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32902
Oracle Multiple Products Containers for J2EE jazn.jar Local Information Disclosure

Source: CCN
Type: OSVDB ID: 32903
Oracle Application Server Internet Directory LDAP Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32904
Oracle Multiple Products Process Mgmt & Notification ONS OPMN Daemon Remote Format String (OPMN02)

Source: CCN
Type: OSVDB ID: 32906
Oracle Multiple Products Workflow Cartridge rwcgi60 genuser Parameter XSS

Source: CCN
Type: OSVDB ID: 32908
Oracle Database Change Data Capture sys.dbms_cdc_subscribe Unspecified Issue

Source: CCN
Type: OSVDB ID: 32916
Oracle Database Advanced Security Option oklist / okdstry Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 32917
Oracle Database Export expdp / impdp Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 32918
Oracle Database NLS Runtime lmsgen Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 32919
Oracle Database Net Services tnslsnr Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 32920
Oracle Database Text ctxkbtc Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 32922
Oracle Database Recovery Manager oklist Unspecified Local Issue

Source: CCN
Type: Red-Database-Security Web site
Details Oracle Critical Patch Update January 2007

Source: MISC
Type: UNKNOWN
http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html

Source: BUGTRAQ
Type: UNKNOWN
20070124 Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT

Source: BUGTRAQ
Type: UNKNOWN
20070129 Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL

Source: CCN
Type: BID-22008
Retired: Oracle January 2007 Advance Notification Multiple Vulnerabilities

Source: BID
Type: Exploit, Patch
22083

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA07-017A
Oracle Releases Patches for Multiple Vulnerabilities

Source: CERT
Type: Patch, US Government Resource
TA07-017A

Source: XF
Type: UNKNOWN
oracle-cpu-jan2007(31541)

Source: XF
Type: UNKNOWN
oracle-cpu-jan2007(31541)

Source: CCN
Type: IBM Internet Security Systems X-Force Database
Oracle Application Server EmChartBean directory traversal

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:database_server:9.0.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-0268 (CCN-31575)

    Assigned:2007-01-16
    Published:2007-01-16
    Updated:2007-01-16
    Summary:Oracle Database is vulnerable to SQL injection. A remote attacker with execute privileges on the SYS.DBMS_AQ package could send specially-crafted SQL statements to the Advanced Queuing component, which could allow the attacker to view, add, modify or delete information in the back-end database.
    CVSS v3 Severity:5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): Low
    User Interaction (UI): Required
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
    5.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
    5.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Consequences:Data Manipulation
    References:Source: MITRE
    Type: CNA
    CVE-2007-0268

    Source: CCN
    Type: SA23794
    Oracle Products Multiple Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1017522
    Oracle Database and Other Products Have 52 Unspecified Vulnerabilities With Unspecified Impact

    Source: CCN
    Type: US-CERT VU#221788
    Oracle SYS.DBMS_AQ package vulnerable to PL/SQL injection

    Source: CCN
    Type: Oracle Critical Patch Update - January 2007
    Oracle Critical Patch Update Advisory - January 2007

    Source: CCN
    Type: OSVDB ID: 32907
    Oracle Database Advanced Queuing SYS.DBMS_AQ_INV SQL Injection

    Source: CCN
    Type: OSVDB ID: 32913
    Oracle Database Advanced Replication SYS.DBMS_REPCAT_UNTRUSTED Arbitrary Code Execution

    Source: CCN
    Type: OSVDB ID: 32921
    Oracle Database Text ctxload Unspecified Local Issue

    Source: CCN
    Type: Red-Database-Security Web site
    Details Oracle Critical Patch Update January 2007

    Source: CCN
    Type: Red-Database-Security Advisory 16 January 2007
    SQL Injection in package SYS.DBMS_AQ_INV

    Source: CCN
    Type: BID-22083
    Oracle January 2007 Security Update Multiple Vulnerabilities

    Source: CCN
    Type: US-CERT Technical Cyber Security Alert TA07-017A
    Oracle Releases Patches for Multiple Vulnerabilities

    Source: XF
    Type: UNKNOWN
    oracle-dbmsaq-sql-injection(31575)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:oracle:database_server:10.1.0.4:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.7:r2:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-0268 (CCN-32374)

    Assigned:2007-01-24
    Published:2007-01-24
    Updated:2007-01-24
    Summary:Oracle Database Server is vulnerable to a buffer overflow, caused by improper bounds checking by the UNREGISTER_SNAPSHOT procedure which is part of the DBMS_REPCAT_UNTRUSTED package. A remote or local attacker with execute privileges on the SYS.DBMS_REPCAT_UNTRUSTED package could exploit this vulnerability to execute arbitrary code with elevated privileges or cause the database server to crash.
    CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): Low
    User Interaction (UI): Required
    Scope:Scope (S): Changed
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availibility (A): High
    CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
    4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
    6.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Consequences:Gain Privileges
    References:Source: CCN
    Type: Full-Disclosure Mailing List, Wed Jan 24 2007 - 17:39:19 CST
    Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT

    Source: MITRE
    Type: CNA
    CVE-2007-0268

    Source: CCN
    Type: SA23794
    Oracle Products Multiple Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1017522
    Oracle Database and Other Products Have 52 Unspecified Vulnerabilities With Unspecified Impact

    Source: CCN
    Type: US-CERT VU#221788
    Oracle SYS.DBMS_AQ package vulnerable to PL/SQL injection

    Source: CCN
    Type: Oracle Critical Patch Update - January 2007
    Oracle Critical Patch Update Advisory - January 2007

    Source: CCN
    Type: OSVDB ID: 32907
    Oracle Database Advanced Queuing SYS.DBMS_AQ_INV SQL Injection

    Source: CCN
    Type: OSVDB ID: 32913
    Oracle Database Advanced Replication SYS.DBMS_REPCAT_UNTRUSTED Arbitrary Code Execution

    Source: CCN
    Type: OSVDB ID: 32921
    Oracle Database Text ctxload Unspecified Local Issue

    Source: CCN
    Type: Red-Database-Security Web site
    Details Oracle Critical Patch Update January 2007

    Source: CCN
    Type: BID-22083
    Oracle January 2007 Security Update Multiple Vulnerabilities

    Source: CCN
    Type: US-CERT Technical Cyber Security Alert TA07-017A
    Oracle Releases Patches for Multiple Vulnerabilities

    Source: XF
    Type: UNKNOWN
    oracle-dbmsrepcat-unregister-bo(32374)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:oracle:database_server:10.1.0.4:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.7:r2:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    oracle database server 9.0.1.5
    oracle database server 9.2.0.7
    oracle database server 10.1.0.5
    oracle database server 10.1.0.4 r1
    oracle database server 10.1.0.5 r1
    oracle database server 9.2.0.7 r2
    oracle database server 10.1.0.4 r1
    oracle database server 10.1.0.5 r1
    oracle database server 9.2.0.7 r2