Vulnerability Name:

CVE-2008-0342 (CCN-39753)

Assigned:2008-01-15
Published:2008-01-15
Updated:2012-10-23
Summary:Unspecified vulnerability in the Upgrade/Downgrade component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB05.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.8 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.8 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Informational
References:Source: MITRE
Type: CNA
CVE-2008-0339

Source: MITRE
Type: CNA
CVE-2008-0340

Source: MITRE
Type: CNA
CVE-2008-0341

Source: MITRE
Type: CNA
CVE-2008-0342

Source: MITRE
Type: CNA
CVE-2008-0343

Source: MITRE
Type: CNA
CVE-2008-0344

Source: MITRE
Type: CNA
CVE-2008-0345

Source: MITRE
Type: CNA
CVE-2008-0346

Source: MITRE
Type: CNA
CVE-2008-0347

Source: MITRE
Type: CNA
CVE-2008-0349

Source: MITRE
Type: CNA
CVE-2008-0364

Source: HP
Type: UNKNOWN
SSRT061201

Source: CCN
Type: SA28518
Oracle Products Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
28518

Source: CCN
Type: SA28556
HP Oracle for OpenView Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
28556

Source: CCN
Type: SECTRACK ID: 1019218
Oracle Database and Other Products Have Unspecified Vulnerabilities With Unspecified Impact

Source: SECTRACK
Type: UNKNOWN
1019218

Source: CCN
Type: Oracle Critical Patch Update - January 2008
Oracle Critical Patch Update Advisory - January 2008

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html

Source: BID
Type: UNKNOWN
27229

Source: CCN
Type: BID-27229
Oracle January 2008 Critical Patch Update Multiple Vulnerabilities

Source: CERT
Type: Patch, US Government Resource
TA08-017A

Source: VUPEN
Type: UNKNOWN
ADV-2008-0150

Source: VUPEN
Type: UNKNOWN
ADV-2008-0180

Source: XF
Type: UNKNOWN
oracle-cpu-jan-2008(39753)

Source: CCN
Type: IBM Internet Security Systems X-Force Database
Oracle Database XML DB component unspecified privilege escalation

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:database_server:9.2.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:collaboration_suite:10.1.2:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.2.0.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.22:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.48:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.8:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.2.0.3:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:12.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.0.1.5::fips+:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.8dv:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:12.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.49:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:12.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:11.1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:12.0.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2008-0342 (CCN-39883)

    Assigned:2008-01-15
    Published:2008-01-15
    Updated:2008-01-15
    Summary:An unspecified vulnerability in the Oracle Database Upgrade/Downgrade component could be exploited by a remote authenticated attacker to have an unknown impact on the system.
    CVSS v3 Severity:4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): Low
    User Interaction (UI): Required
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): None
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
    4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Consequences:Other
    References:Source: MITRE
    Type: CNA
    CVE-2008-0342

    Source: CCN
    Type: SA28518
    Oracle Products Multiple Vulnerabilities

    Source: CCN
    Type: SA28556
    HP Oracle for OpenView Multiple Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1019218
    Oracle Database and Other Products Have Unspecified Vulnerabilities With Unspecified Impact

    Source: CCN
    Type: Oracle Critical Patch Update - January 2008
    Oracle Critical Patch Update Advisory - January 2008

    Source: CCN
    Type: BID-27229
    Oracle January 2008 Critical Patch Update Multiple Vulnerabilities

    Source: XF
    Type: UNKNOWN
    oracle-database-upgdg-unspecified(39883)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.2.0.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.8:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.2.0.3:r2:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    oracle database server 9.2.0.8
    oracle database server 10.1.0.5
    oracle database server 10.2.0.3
    oracle application server 1.0.2.2
    oracle application server 10.1.2.0.2 r2
    oracle database server 10.1.0.5 r1
    oracle collaboration suite 10.1.2 r1
    oracle database server 10.2.0.2 r2
    oracle application server 9.0.4.3
    oracle peoplesoft enterprise peopletools 8.22
    oracle peoplesoft enterprise peopletools 8.48
    oracle database server 9.2.0.8 r2
    oracle database server 10.2.0.3 r2
    oracle e-business suite 12.0.0
    oracle database server 9.0.1.5
    oracle database server 9.2.0.8dv r2
    oracle e-business suite 12.0.1
    oracle peoplesoft enterprise peopletools 8.49
    oracle e-business suite 12.0.2
    oracle database server 11.1.0.6
    oracle e-business suite 11.5.10.2
    oracle e-business suite 12.0.3
    oracle database server 10.1.0.5 r1
    oracle database server 10.2.0.2 r2
    oracle database server 9.2.0.8 r2
    oracle database server 10.2.0.3 r2