PT-2007-1746 · Oracle · Oracle Database

Published: 2007-01-17 · Updated: 2018-10-16 · CVE-2007-0274

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Oracle Database versions 9.2.0.7 and 10.1.0.5

Description

The issue involves multiple unspecified vulnerabilities related to (1) Export and sys.dbms_logrep_util, and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges. Researcher claims suggest that one of the vulnerabilities is a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and another involves buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL.

Recommendations

For Oracle Database version 9.2.0.7, consider disabling the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package and restricting access to the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL until a patch is available.

For Oracle Database version 10.1.0.5, consider disabling the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package and restricting access to the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL until a patch is available.


Related identifiers

CVE-2007-0274

Affected products

Oracle Database