CVE-2007-3854: Buffer Overflow
First published: Wed Jul 18 2007(Updated: )
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Database Server | =10.2.0.3-r2 | |
| Oracle Application Server | =10.1.2.0.2 | |
| Oracle Database Server | =9.0.1.5 | |
| Oracle Peoplesoft Enterprise Customer Relationship Management | =9.0 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.47 | |
| Oracle Application Server | =10.1.3.2.0 | |
| Oracle Application Server | =10.1.3.1.0 | |
| Oracle Application Server | =10.1.2.1.0 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.48 | |
| Oracle Application Server | =1.0.2.2-r2 | |
| Oracle Peoplesoft Enterprise Human Capital Management | =9.0 | |
| Oracle Secure Enterprise Search | =10.1.8 | |
| Oracle APEX | =1.6.1 | |
| Oracle Peoplesoft Enterprise Customer Relationship Management | =8.9 | |
| Oracle Database Server | =9.2.0.7-r2 | |
| Oracle E-Business Suite | =12.0.0 | |
| Oracle Database Server | =9.2.0.8-r2 | |
| Oracle E-Business Suite | =11.5.10.2 | |
| Oracle APEX | =2.2 | |
| Oracle E-Business Suite | =12.0.1 | |
| Oracle Application Server | =9.0.4.3 | |
| Oracle APEX | =1.5.0 | |
| Oracle Secure Enterprise Search | =10.1.6 | |
| Oracle Peoplesoft Enterprise Human Capital Management | =8.9 | |
| Oracle Application Server | =10.1.2.0.1 | |
| Oracle Application Server | =10.1.2.2.0 | |
| Oracle Database Server | =10.2.0.2-r2 | |
| Oracle Application Server | =10.1.3.0.0 | |
| Oracle Collaboration Suite | =10.1.2 | |
| Oracle E-Business Suite | =11.5.10 | |
| Oracle E-Business Suite | =11.5.8 | |
| Oracle Database Server | =9.2.0.8dv-r2 | |
| Oracle Application Server | =10.1.3.3.0 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.22 | |
| Oracle E-Business Suite | =11.5.9 | |
| Oracle Database Server | =10.1.0.5 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.49 | |
| Oracle APEX | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html
- http://secunia.com/advisories/26114
- http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_prvtaqis.html
- http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf
- http://www.us-cert.gov/cas/techalerts/TA07-200A.html
- http://www.securitytracker.com/id?1018415
- http://secunia.com/advisories/26166
- http://www.vupen.com/english/advisories/2007/2562
- http://www.vupen.com/english/advisories/2007/2635
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143
- http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35497
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35490
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/oracle
- canonical/oracle database server
- version/oracle database server/10.2.0.3-r2
- canonical/oracle application server
- version/oracle application server/10.1.2.0.2
- version/oracle database server/9.0.1.5
- canonical/oracle peoplesoft enterprise customer relationship management
- version/oracle peoplesoft enterprise customer relationship management/9.0
- canonical/oracle peoplesoft enterprise peopletools
- version/oracle peoplesoft enterprise peopletools/8.47
- version/oracle application server/10.1.3.2.0
- version/oracle application server/10.1.3.1.0
- version/oracle application server/10.1.2.1.0
- version/oracle peoplesoft enterprise peopletools/8.48
- version/oracle application server/1.0.2.2-r2
- canonical/oracle peoplesoft enterprise human capital management
- version/oracle peoplesoft enterprise human capital management/9.0
- canonical/oracle secure enterprise search
- version/oracle secure enterprise search/10.1.8
- canonical/oracle apex
- version/oracle apex/1.6.1
- version/oracle peoplesoft enterprise customer relationship management/8.9
- version/oracle database server/9.2.0.7-r2
- canonical/oracle e-business suite
- version/oracle e-business suite/12.0.0
- version/oracle database server/9.2.0.8-r2
- version/oracle e-business suite/11.5.10.2
- version/oracle apex/2.2
- version/oracle e-business suite/12.0.1
- version/oracle application server/9.0.4.3
- version/oracle apex/1.5.0
- version/oracle secure enterprise search/10.1.6
- version/oracle peoplesoft enterprise human capital management/8.9
- version/oracle application server/10.1.2.0.1
- version/oracle application server/10.1.2.2.0
- version/oracle database server/10.2.0.2-r2
- version/oracle application server/10.1.3.0.0
- canonical/oracle collaboration suite
- version/oracle collaboration suite/10.1.2
- version/oracle e-business suite/11.5.10
- version/oracle e-business suite/11.5.8
- version/oracle database server/9.2.0.8dv-r2
- version/oracle application server/10.1.3.3.0
- version/oracle peoplesoft enterprise peopletools/8.22
- version/oracle e-business suite/11.5.9
- version/oracle database server/10.1.0.5
- version/oracle peoplesoft enterprise peopletools/8.49
- version/oracle apex/2.0