CVE-2008-2625

Name of the Vulnerable Software and Affected Versions Oracle Database versions 9.2.0.8 through 9.2.0.8DV Oracle Database versions 10.1.0.5 Oracle Database versions 10.2.0.2

Description The issue affects confidentiality and integrity, potentially allowing remote attackers to bypass security restrictions and execute arbitrary SQL commands. It may involve an authentication bypass by establishing a TNS connection and impersonating a user session via a crafted authentication message during proxy authentication mode.

Recommendations For Oracle Database version 9.2.0.8, consider disabling proxy authentication mode until a patch is available. For Oracle Database version 9.2.0.8DV, restrict access to sensitive data to minimize the risk of exploitation. For Oracle Database version 10.1.0.5, avoid using crafted authentication messages in TNS connections. For Oracle Database version 10.2.0.2, limit the execution of arbitrary SQL commands to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.