CVE-2007-2110
First published: Wed Apr 18 2007(Updated: )
Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Access Control List (DACL) for the Oracle process and certain shared memory sections, which allows local users to inject threads and execute arbitrary code via the OpenProcess, OpenThread, and SetThreadContext functions (DB03).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Database | =9.0.1.5 | |
| Oracle Database | =9.2.0.7 | |
| Oracle Database | =10.1.0.4 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.freelists.org/archives/oracle-l/12-2006/msg00004.html
- http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf
- http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf
- http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html
- https://www.blackhat.com/presentations/bh-dc-07/Cerrudo/Presentation/bh-dc-07-Cerrudo-ppt.pdf
- http://www.securitytracker.com/id?1017927
- http://www.us-cert.gov/cas/techalerts/TA07-108A.html
- http://www.securityfocus.com/bid/23532
- http://www.vupen.com/english/advisories/2007/1426
- http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html
- http://www.securityfocus.com/archive/1/466329/100/200/threaded
Frequently Asked Questions
What is the severity of CVE-2007-2110?
CVE-2007-2110 has an unknown severity level due to unspecified impact and attack vectors.
How do I fix CVE-2007-2110?
The recommended fix for CVE-2007-2110 is to apply the latest patches provided by Oracle for affected versions.
Which versions are affected by CVE-2007-2110?
CVE-2007-2110 affects Oracle Database versions 9.0.1.5, 9.2.0.7, and 10.1.0.4 on Windows systems.
What are the potential risks of CVE-2007-2110?
The potential risks of CVE-2007-2110 are currently unspecified, making it challenging to assess the full impact.
Is there any known workaround for CVE-2007-2110?
As of now, there are no widely known workarounds for CVE-2007-2110, making it essential to apply patches as soon as possible.
- collector/nvd-historical
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle database
- version/oracle database/9.0.1.5
- version/oracle database/9.2.0.7
- version/oracle database/10.1.0.4
- vendor/microsoft
- canonical/microsoft windows