PT-2008-3345 · Oracle · Oracle Database

Published 2008-04-16 · Updated 2018-10-11 · CVE-2008-1813

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Oracle Database versions 9.0.1.5 FIPS+ through 10.2.0.3

Description

The issue affects multiple components of Oracle Database, including Advanced Queuing, Core RDBMS, Oracle Spatial, Export, and Query Optimizer. The vulnerabilities have unknown impact and can be exploited remotely by unauthenticated or authenticated attackers. The affected components include SYS.DBMS_AQ, Core RDBMS, SDO_GEOM, Export, and DBMS_STATS. Researchers claim that one of the vulnerabilities may be related to SQL injection, and another occurs when the OUTLN account is reset to use a hard-coded password.

Recommendations

For Oracle Database versions 9.0.1.5 FIPS+ through 10.2.0.3, consider restricting access to the vulnerable components, such as SYS.DBMS_AQ, SDO_GEOM, and DBMS_STATS, until a patch is available. As a temporary workaround, avoid using the OUTLN account with a hard-coded password. Additionally, restrict access to the Export component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2008-1813

Affected Products

Oracle Database