CVE-2007-2109

Name of the Vulnerable Software and Affected Versions Oracle Database version 10.2.0.3

Description The issue involves multiple unspecified vulnerabilities with remote authenticated attack vectors. These vulnerabilities are related to the Rules Manager and Expression Filter components, as well as Oracle Streams. Specifically, there is a potential race condition in the RLMGR TRUNCATE MAINT trigger in the Rules Manager and Expression Filter components, which can change the AUTHID of a package from DEFINER to CURRENT USER after a TRUNCATE call. Additionally, there is a potential SQL injection vulnerability in the DBMS APPLY USER AGENT.SET REGISTRATION HANDLER procedure, which is later passed to the DBMS APPLY ADM INTERNAL.ALTER APPLY procedure.

Recommendations For Oracle Database version 10.2.0.3, as a temporary workaround, consider restricting access to the Rules Manager and Expression Filter components, as well as Oracle Streams, to minimize the risk of exploitation. Avoid using the DBMS APPLY USER AGENT.SET REGISTRATION HANDLER procedure until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.