CVE-2007-2114

Name of the Vulnerable Software and Affected Versions Oracle Database versions 10.1.0.5 through 10.2.0.2

Description The issue is related to multiple unspecified vulnerabilities in Oracle Database, with remote authenticated attack vectors. These vulnerabilities are associated with (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. It is reported that these issues may be buffer overflows, potentially caused by using a long CHANGE TABLE NAME parameter to the DBMS CDC IPUBLISH.CHGTAB CACHE procedure and the Oracle Instant Client genezi utility.

Recommendations For Oracle Database versions 10.1.0.5 through 10.2.0.2, consider restricting access to the DBMS CDC IPUBLISH.CHGTAB CACHE procedure and the Oracle Instant Client genezi utility to minimize the risk of exploitation. Avoid using a long CHANGE TABLE NAME parameter in the DBMS CDC IPUBLISH.CHGTAB CACHE procedure until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.