PT-2007-5087 · Oracle · Oracle Database

Published 2007-07-18 · Updated 2017-07-29 · CVE-2007-3856

CVSS v2.0: 6.5 Medium

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Oracle Database versions 9.2.0.7 through 9.2.0.8DV; Oracle Database 10g Release 2 versions 10.2.0.2 through 10.2.0.3; Oracle Database 10g version 10.1.0.5
Description: The issue concerns an unspecified vulnerability related to DMSYS.DMP SYS. It has unknown impact and is associated with remote authenticated attack vectors. Additionally, the current Oracle version has multiple vulnerabilities that allow remote attackers to bypass security restrictions, execute arbitrary SQL commands, and gain access to sensitive data.
Recommendations: For Oracle Database versions 9.2.0.7 through 9.2.0.8DV, update to a version that addresses the security restrictions bypass and arbitrary SQL command execution vulnerabilities. For Oracle Database 10g Release 2 versions 10.2.0.2 through 10.2.0.3, update to a version that addresses the security restrictions bypass and arbitrary SQL command execution vulnerabilities. For Oracle Database 10g version 10.1.0.5, update to a version that addresses the security restrictions bypass and arbitrary SQL command execution vulnerabilities. As a temporary workaround, consider restricting access to sensitive data and limiting the execution of arbitrary SQL commands until a patch is available.

Related Identifiers

CVE-2007-3856

Affected Products

Oracle Database