CVE-2007-2108
First published: Wed Apr 18 2007(Updated: )
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided even though all users are authenticated as Guest, which allows remote attackers to gain privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows | ||
| Oracle Database | =9.0.1.5 | |
| Oracle Database | =9.2.0.8 | |
| Oracle Database | =10.1.0.5 | |
| Oracle Database | =10.2.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf
- http://www.ngssoftware.com/papers/database-on-xp.pdf
- http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf
- http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html
- http://www.kb.cert.org/vuls/id/809457
- http://www.securitytracker.com/id?1017927
- http://www.us-cert.gov/cas/techalerts/TA07-108A.html
- http://www.securityfocus.com/bid/23532
- http://www.vupen.com/english/advisories/2007/1426
- http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html
- http://www.securityfocus.com/archive/1/466329/100/200/threaded
Frequently Asked Questions
What is the severity of CVE-2007-2108?
The severity of CVE-2007-2108 has not been fully disclosed, but it is a significant vulnerability in Oracle Database that allows remote attackers to potentially impact the system.
How do I fix CVE-2007-2108?
To fix CVE-2007-2108, ensure that you apply the latest patches and updates provided by Oracle for the affected versions of Oracle Database.
Which versions of Oracle Database are affected by CVE-2007-2108?
CVE-2007-2108 affects Oracle Database versions 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2.
Is CVE-2007-2108 applicable to operating systems other than Windows?
CVE-2007-2108 is specifically noted to affect Oracle Database when running on Microsoft Windows.
Are there any workarounds for CVE-2007-2108?
There are no specific workarounds mentioned for CVE-2007-2108, and applying recommended patches is the best course of action.
- collector/nvd-historical
- agent/type
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft windows
- vendor/oracle
- canonical/oracle database
- version/oracle database/9.0.1.5
- version/oracle database/9.2.0.8
- version/oracle database/10.1.0.5
- version/oracle database/10.2.0.2