CVE-2008-1813

Severity

65%

Complexity

80%

Confidentiality

106%

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB06 is SQL injection, and DB13 occurs when the OUTLN account is reset to use a hard-coded password.

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB06 is SQL injection, and DB13 occurs when the OUTLN account is reset to use a hard-coded password.

CVSS 2.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Overview

Type

Oracle Database Server 10g

First reported 16 years ago

2008-04-16 10:05:00

Last updated 6 years ago

2018-10-11 20:37:00

Affected Software

オラクル データベースサーバ 10g 10.1.0.5

10.1.0.5

オラクル データベースサーバ 10g 10.2.0.3

10.2.0.3

References

29829

Vendor Advisory

29874

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html

http://www.red-database-security.com/advisory/oracle_outln_password_change.html

http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_geom.html

20080416 Oracle - SQL Injection in package SDO_GEOM [DB06]

20080416 Oracle - Hardcoded Password and Password Reset of OUTLN User [DB13]

HPSBMA02133

1019855

ADV-2008-1233

Vendor Advisory

ADV-2008-1267

Vendor Advisory

oracle-cpu-april-2008(41858)

oracle-database-dbmsaq-unspecified(41991)

oracle-database-corerdbms-unspecified(41992)

oracle-database-sdogeom-sql-injection(41993)

oracle-database-export-info-disclosure(41994)

oracle-database-queryop-default-password(41995)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.