CVE-2008-1821

Name of the Vulnerable Software and Affected Versions Oracle Database versions 9.0.1.5 FIPS+ and 10.1.0.5

Description The issue concerns an unspecified vulnerability in the Advanced Queuing component, with potential remote attack vectors. It is related to SYS.DBMS AQJMS INTERNAL. Researchers claim that the vulnerability may be due to multiple buffer overflows in the (1) AQ$ REGISTER and (2) AQ$ UNREGISTER procedures. The current Oracle version has vulnerabilities that allow remote attackers to bypass security restrictions, execute arbitrary SQL commands, and gain access to sensitive data.

Recommendations For Oracle Database version 9.0.1.5 FIPS+, update to a version that addresses the buffer overflows in the AQ$ REGISTER and AQ$ UNREGISTER procedures. For Oracle Database version 10.1.0.5, update to a version that addresses the buffer overflows in the AQ$ REGISTER and AQ$ UNREGISTER procedures. As a temporary workaround, consider restricting access to the SYS.DBMS AQJMS INTERNAL component until a patch is available.