PT-2009-3559 · Oracle · Oracle Database

Franz Hüll · Published 2009-04-15 · Updated 2018-10-10 · CVE-2009-0977

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Database versions 9.2.0.8 through 9.2.0.8DV
Oracle Database versions 10.1.0.5
Oracle Database versions 10.2.0.3

Description

The issue affects the Advanced Queuing component and is related to DBMS_AQIN. It may allow remote authenticated users to impact confidentiality and integrity. There are claims that this issue could be related to SQL injection in the GRANT_TYPE_ACCESS procedure within the DBMS_AQADM_SYS package.

Recommendations

For Oracle Database version 9.2.0.8, consider restricting access to the Advanced Queuing component until a fix is available.
For Oracle Database version 9.2.0.8DV, consider restricting access to the Advanced Queuing component until a fix is available.
For Oracle Database version 10.1.0.5, consider restricting access to the Advanced Queuing component until a fix is available.
For Oracle Database version 10.2.0.3, consider restricting access to the Advanced Queuing component until a fix is available.

As a temporary workaround, consider disabling the GRANT_TYPE_ACCESS procedure in the DBMS_AQADM_SYS package to minimize the risk of exploitation.

Fix

Related identifiers

CVE-2009-0977

Affected products

Oracle Database