The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Oracle Database: several vulnerabilities of January 2007

Synthesis of the vulnerability 

Several vulnerabilities are corrected by CPU of January 2007.
Vulnerable products: OpenView, Oracle DB.
Severity of this weakness: 3/4.
Number of vulnerabilities in this bulletin: 17.
Creation date: 17/01/2007.
Revisions dates: 22/01/2007, 25/01/2007, 30/01/2007, 06/03/2007, 02/04/2007.
Références of this bulletin: BID-22083, c00727143, cpujan2007, CVE-2007-0268, CVE-2007-0269, CVE-2007-0270, CVE-2007-0271, CVE-2007-0272, CVE-2007-0273, CVE-2007-0274, CVE-2007-0275, CVE-2007-0276, CVE-2007-0277, CVE-2007-0278, HPSBMA02133, NGS00402, SSRT061201, VIGILANCE-VUL-6474, VU#221788.

Description of the vulnerability 

CPU (Critical Patch Update) of January 2007 corrects several vulnerabilities of Oracle Database. Oracle's announce contains a detailed table, summarized below.

An authenticated attacker with execute privilege on sys.dbms_aq can obtain or alter information via a SQL injection in DBMS_AQ_INV. [severity:3/4; CVE-2007-0268, VU#221788]

An authenticated attacker with execute privilege on sys.dbms_cdc_subscribe can obtain or alter information. [severity:3/4; CVE-2007-0269]

An authenticated attacker with execute privilege on sys.dbms_drs can alter information or generate a denial of service, by using a buffer overflow in DBMS_DRS.GET_PROPERTY function. [severity:3/4; CVE-2007-0270]

An authenticated attacker with execute privilege on sys.dbms_logmnr (announce indicates sys.dbms_log_mnr) can alter information or generate a denial of service, by exploiting a buffer overflow in DBMS_LOGMNR.ADD_LOGFILE procedure. [severity:3/4; CVE-2007-0271]

An authenticated attacker with execute privilege on mdsys.md can alter information or generate a denial of service, by exploiting overflows in its procedures. [severity:3/4; CVE-2007-0272]

A HTTP attacker can alter information via a Cross Site Scripting. [severity:3/4; CVE-2007-0273]

An authenticated attacker with execute privilege on sys.dbms_repcat_untrusted can generate a denial of service, by exploiting a buffer overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT procedure. Code execution may be possible. [severity:3/4; CVE-2007-0268]

An authenticated attacker with execute privilege on sys.dbms_logrep_util can generate a denial of service, by exploiting a buffer overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME procedure. Code execution may be possible. [severity:3/4; CVE-2007-0274]

An authenticated attacker with execute privilege on sys.dbms_capture_adm_internal can generate a denial of service, by exploiting overflos in CREATE_CAPTURE, ALTER_CAPTURE and ABORT_TABLE_INSTANTIATION procedures. Code execution may be possible. [severity:3/4; CVE-2007-0274]

An authenticated HTTP attacker can alter information. [severity:3/4; CVE-2007-0275]

An local attacker can use oklist or okdstry programs to exploit a vulnerability. [severity:3/4; CVE-2007-0276]

An local attacker can use expdp or impdp programs to exploit a vulnerability. [severity:3/4; CVE-2007-0277]

An local attacker can use lmsgen program to exploit a vulnerability. [severity:3/4; CVE-2007-0278]

An local attacker can use tnslsnr program to exploit a vulnerability. [severity:3/4; CVE-2007-0276]

An local attacker can use ctxkbtc program to exploit a vulnerability. [severity:3/4; CVE-2007-0278]

An local attacker can use ctxload program to exploit a vulnerability. [severity:3/4; CVE-2007-0268]

An local attacker can use oklist program to exploit a vulnerability. [severity:3/4; CVE-2007-0276]
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This weakness note impacts software or systems such as OpenView, Oracle DB.

Our Vigil@nce team determined that the severity of this threat note is important.

The trust level is of type confirmed by the editor, with an origin of intranet client.

This bulletin is about 17 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this computer weakness.

Solutions for this threat 

Oracle Database: CPU of January 2007.
Oracle's announce contains a table indicating corrected versions.

Oracle for OpenView: patch.
A patch is available from Oracle or HP support.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a network vulnerability workaround. The Vigil@nce vulnerability database contains several thousand vulnerabilities.