PT-2007-5086 · Oracle · Oracle Database

Published: 2007-07-18 · Updated: 2018-10-15 · CVE-2007-3855

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Oracle Database versions 9.0.1.5 through 10.2.0.3
Description: The issue affects Oracle Database and allows remote authenticated users to cause an unknown impact. The affected components are (1) SYS.DBMS_DRS in the DataGuard component, (2) SYS.DBMS_STANDARD in the PL/SQL component, (3) MDSYS.RTREE_IDX in the Spatial component, and (4) the SQL Compiler. A researcher claims that one of the vulnerabilities, the one related to the SQL Compiler, can be used to perform unauthorized insert, update, or delete actions using views.
Recommendations: For Oracle Database versions 9.0.1.5 through 10.2.0.3, consider restricting access to SYS.DBMS_DRS, SYS.DBMS_STANDARD, and MDSYS.RTREE_IDX, and limiting the use of views, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related identifiers

CVE-2007-3855

Affected products

Oracle Database