PT-2007-3450 · Oracle · Oracle Database
Chris Taschner
·
Published
2007-04-18
·
Updated
2018-10-16
·
CVE-2007-2108
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Oracle Database versions 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2
Description
The issue is related to an unspecified vulnerability in the Core RDBMS component. It allows remote attackers to have an unknown impact. The problem occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided, even though all users are authenticated as Guest. This allows remote attackers to gain privileges.
Recommendations
For Oracle Database version 9.0.1.5, update to a version that fixes this issue.
For Oracle Database version 9.2.0.8, update to a version that fixes this issue.
For Oracle Database version 10.1.0.5, update to a version that fixes this issue.
For Oracle Database version 10.2.0.2, update to a version that fixes this issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Database