Alias(es)Oracle.Database.PITRIG.DROPMETADATA.Access |
Release DateNov 14, 2007 |
Severitymedium |
ImpactSystem compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates a buffer overflow vulnerability in Oracle 10g R2.The vulnerability is caused by failure to check the parameters passed to the XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure. It allows remote attackers to execute arbitrary code by calling this precedure with long arguments. |
Affected ProductsOracle Oracle10g Standard Edition 10.2.3Oracle Oracle10g Standard Edition 10.2.2 Oracle Oracle10g Standard Edition 10.2.1 Oracle Oracle10g Personal Edition 10.2.3 Oracle Oracle10g Personal Edition 10.2.2 Oracle Oracle10g Personal Edition 10.2.1 Oracle Oracle10g Enterprise Edition 10.2.3 Oracle Oracle10g Enterprise Edition 10.2.2 Oracle Oracle10g Enterprise Edition 10.2.1 |
Recommended ActionsCurrently we are not aware of any official fix for this issue. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-4517 |
Reference/shttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=622http://www.frsirt.com/english/advisories/2007/3803 (FrSIRT) http://www.securityfocus.com/bid/26374 (BugTraq) http://www.exploit-db.com/exploits/18093/ |
