CVE-2007-2108

Name of the Vulnerable Software and Affected Versions Oracle Database versions 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2

Description The issue is related to an unspecified vulnerability in the Core RDBMS component. It allows remote attackers to have an unknown impact. The problem occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided, even though all users are authenticated as Guest. This allows remote attackers to gain privileges.

Recommendations For Oracle Database version 9.0.1.5, update to a version that fixes this issue. For Oracle Database version 9.2.0.8, update to a version that fixes this issue. For Oracle Database version 10.1.0.5, update to a version that fixes this issue. For Oracle Database version 10.2.0.2, update to a version that fixes this issue.