Vulnerability Name:

CVE-2007-0272 (CCN-31541)

Assigned:2007-01-16
Published:2007-01-16
Updated:2018-10-16
Summary:Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05.
CVSS v3 Severity:4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:8.5 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C)
6.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-119
Vulnerability Consequences:Informational
References:Source: MITRE
Type: CNA
CVE-2007-0268

Source: MITRE
Type: CNA
CVE-2007-0269

Source: MITRE
Type: CNA
CVE-2007-0270

Source: MITRE
Type: CNA
CVE-2007-0271

Source: MITRE
Type: CNA
CVE-2007-0272

Source: MITRE
Type: CNA
CVE-2007-0273

Source: MITRE
Type: CNA
CVE-2007-0274

Source: MITRE
Type: CNA
CVE-2007-0275

Source: MITRE
Type: CNA
CVE-2007-0276

Source: MITRE
Type: CNA
CVE-2007-0277

Source: MITRE
Type: CNA
CVE-2007-0278

Source: MITRE
Type: CNA
CVE-2007-0279

Source: MITRE
Type: CNA
CVE-2007-0280

Source: MITRE
Type: CNA
CVE-2007-0281

Source: MITRE
Type: CNA
CVE-2007-0282

Source: MITRE
Type: CNA
CVE-2007-0283

Source: MITRE
Type: CNA
CVE-2007-0284

Source: MITRE
Type: CNA
CVE-2007-0285

Source: MITRE
Type: CNA
CVE-2007-0286

Source: MITRE
Type: CNA
CVE-2007-0287

Source: MITRE
Type: CNA
CVE-2007-0288

Source: MITRE
Type: CNA
CVE-2007-0289

Source: MITRE
Type: CNA
CVE-2007-0290

Source: MITRE
Type: CNA
CVE-2007-0291

Source: MITRE
Type: CNA
CVE-2007-0292

Source: MITRE
Type: CNA
CVE-2007-0293

Source: MITRE
Type: CNA
CVE-2007-0294

Source: MITRE
Type: CNA
CVE-2007-0295

Source: MITRE
Type: CNA
CVE-2007-0296

Source: MITRE
Type: CNA
CVE-2007-0297

Source: OSVDB
Type: UNKNOWN
32911

Source: CCN
Type: SA23794
Oracle Products Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
23794

Source: CCN
Type: SECTRACK ID: 1017522
Oracle Database and Other Products Have 52 Unspecified Vulnerabilities With Unspecified Impact

Source: SECTRACK
Type: UNKNOWN
1017522

Source: MISC
Type: UNKNOWN
http://www.appsecinc.com/resources/alerts/oracle/2007-05.shtml

Source: CCN
Type: US-CERT VU#221788
Oracle SYS.DBMS_AQ package vulnerable to PL/SQL injection

Source: CCN
Type: Oracle Critical Patch Update - January 2007
Oracle Critical Patch Update Advisory - January 2007

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html

Source: CCN
Type: OSVDB ID: 32872
Oracle PeopleSoft PeopleTools PIA Component HTTP Unspecified Remote DoS

Source: CCN
Type: OSVDB ID: 32873
Oracle PeopleSoft PeopleTools PIA Component HTTP Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32874
Oracle PeopleSoft PeopleTools HTTP Unspecified Authenticated XSS

Source: CCN
Type: OSVDB ID: 32880
Oracle Enterprise Manager Cloning & Data Guard Management Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32881
Oracle HTTP Server SSL Module Unspecified Remote Issue (OHS01)

Source: CCN
Type: OSVDB ID: 32882
Oracle HTTP Server SSL Module Unspecified Remote Issue (OHS02)

Source: CCN
Type: OSVDB ID: 32883
Oracle HTTP Server Unspecified Issue (OHS03)

Source: CCN
Type: OSVDB ID: 32884
Oracle HTTP Server Unspecified Issue (OHS04)

Source: CCN
Type: OSVDB ID: 32885
Oracle HTTP Server SSL Module Unspecified Remote DoS (OHS05)

Source: CCN
Type: OSVDB ID: 32886
Oracle HTTP Server SSL Module Unspecified Remote DoS (OHS06)

Source: CCN
Type: OSVDB ID: 32887
Oracle HTTP Server Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32888
Oracle E-Business Suite Application Object Library HTTP Authenticated Unspecified Issue

Source: CCN
Type: OSVDB ID: 32889
Oracle E-Business Suite Exchange HTTP Negotiations User Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32890
Oracle E-Business Suite Human Resources Administrator Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32891
Oracle E-Business Suite Payables User Account Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32892
Oracle E-Business Suite Trading Community Architecture Administrator Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32893
Oracle E-Business Suite Web Applications Desktop Integrator Unspecified Issue

Source: CCN
Type: OSVDB ID: 32894
Oracle Multiple Products Reports Developer HTTP Unspecified Issue

Source: CCN
Type: OSVDB ID: 32895
Oracle Multiple Products Containers for J2EE HTTP Unspecified Issue (OC4J01)

Source: CCN
Type: OSVDB ID: 32896
Oracle Multiple Products Containers for J2EE HTTP Unspecified Issue (OC4J02)

Source: CCN
Type: OSVDB ID: 32897
Oracle Multiple Products Containers for J2EE HTTP Unspecified Information Disclosure (OC4J03)

Source: CCN
Type: OSVDB ID: 32898
Oracle Multiple Products Containers for J2EE HTTP Unspecified Issue (OC4J04)

Source: CCN
Type: OSVDB ID: 32899
Oracle Collaboration Suite Containers for J2EE HTTP Unspecified Information Disclosure (OC4J05)

Source: CCN
Type: OSVDB ID: 32900
Oracle Collaboration Suite Containers for J2EE HTTP Unspecified Issue (OC4J06)

Source: CCN
Type: OSVDB ID: 32901
Oracle Multiple Products Containers for J2EE Unauthenticated Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32902
Oracle Multiple Products Containers for J2EE jazn.jar Local Information Disclosure

Source: CCN
Type: OSVDB ID: 32903
Oracle Application Server Internet Directory LDAP Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32904
Oracle Multiple Products Process Mgmt & Notification ONS OPMN Daemon Remote Format String (OPMN02)

Source: CCN
Type: OSVDB ID: 32906
Oracle Multiple Products Workflow Cartridge rwcgi60 genuser Parameter XSS

Source: CCN
Type: OSVDB ID: 32908
Oracle Database Change Data Capture sys.dbms_cdc_subscribe Unspecified Issue

Source: CCN
Type: OSVDB ID: 32916
Oracle Database Advanced Security Option oklist / okdstry Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 32917
Oracle Database Export expdp / impdp Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 32918
Oracle Database NLS Runtime lmsgen Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 32919
Oracle Database Net Services tnslsnr Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 32920
Oracle Database Text ctxkbtc Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 32922
Oracle Database Recovery Manager oklist Unspecified Local Issue

Source: CCN
Type: Red-Database-Security Web site
Details Oracle Critical Patch Update January 2007

Source: BUGTRAQ
Type: UNKNOWN
20070124 Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD

Source: BUGTRAQ
Type: UNKNOWN
20070718 Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD (DB12)

Source: CCN
Type: BID-22008
Retired: Oracle January 2007 Advance Notification Multiple Vulnerabilities

Source: BID
Type: UNKNOWN
22083

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA07-017A
Oracle Releases Patches for Multiple Vulnerabilities

Source: CERT
Type: Patch, US Government Resource
TA07-017A

Source: XF
Type: UNKNOWN
oracle-cpu-jan2007(31541)

Source: XF
Type: UNKNOWN
oracle-cpu-jan2007(31541)

Source: CCN
Type: IBM Internet Security Systems X-Force Database
Oracle Application Server EmChartBean directory traversal

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.0.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-0272 (CCN-32373)

    Assigned:2007-01-24
    Published:2007-01-24
    Updated:2007-01-24
    Summary:Oracle Database Server is vulnerable to multiple buffer overflows in the MDSYS.MD package. A remote or local authenticated attacker could exploit these vulnerabilities to execute arbitrary code with elevated privileges or cause the database server to crash.
    CVSS v3 Severity:4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): Low
    User Interaction (UI): Required
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:8.5 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C)
    6.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P)
    4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Consequences:Gain Privileges
    References:Source: CCN
    Type: BugTraq Mailing List, Wed Jan 24 2007 - 17:37:33 CST
    Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD

    Source: MITRE
    Type: CNA
    CVE-2007-0272

    Source: CCN
    Type: HP Security Bulletin HPSBMA02133 SSRT061201 rev.5
    HP Oracle for OpenView (OfO) Critical Patch Update

    Source: CCN
    Type: SA23794
    Oracle Products Multiple Vulnerabilities

    Source: CCN
    Type: SA24969
    HP Oracle for OpenView Multiple Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1017522
    Oracle Database and Other Products Have 52 Unspecified Vulnerabilities With Unspecified Impact

    Source: CCN
    Type: Team SHATTER Security Alert Jan 18, 2007 (Updated July 18th, 2007)
    Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD (DB12)

    Source: CCN
    Type: Oracle Critical Patch Update - January 2007
    Oracle Critical Patch Update Advisory - January 2007

    Source: CCN
    Type: Oracle Critical Patch Update - July 2007
    Oracle Critical Patch Update Advisory - July 2007

    Source: CCN
    Type: OSVDB ID: 32911
    Oracle Database Spatial mdsys.md Multiple Unspecified Overflows

    Source: CCN
    Type: Red-Database-Security Web site
    Details Oracle Critical Patch Update January 2007

    Source: CCN
    Type: BID-22083
    Oracle January 2007 Security Update Multiple Vulnerabilities

    Source: CCN
    Type: US-CERT Technical Cyber Security Alert TA07-017A
    Oracle Releases Patches for Multiple Vulnerabilities

    Source: XF
    Type: UNKNOWN
    oracle-mdsysmd-multiple-bo(32373)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.7:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.0.1.5:*:fips+:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    oracle database server 8.1.7.4
    oracle database server 9.0.1.5
    oracle database server 9.2.0.7
    oracle database server 10.1.0.4
    oracle database server 10.1.0.5 r1
    oracle database server 9.2.0.7 r2
    oracle database server 9.0.1.5