Release Date | Dec 13, 2007 |
Severity | Medium |
Impact | System compromise: privilege escalation. |
Description | This indicates an attempt to exploit an SQL injection vulnerability in Workspace Manager for Oracle Database. This vulnerability is due to insufficient sanitization of the input parameter in the "SYS.LT.FINDRICSET" function. A remote authenticated attacker could exploit this vulnerability by embedding malicious SQL code as part of the vulnerable parameter. |
Affected Products | Oracle Oracle9i Application Server 9.2 .8; Oracle Oracle10g Standard Edition 10.2 .3; Oracle Oracle10g Standard Edition 10.2 .2; Oracle Oracle10g Standard Edition 10.1 .0.5; Oracle Oracle10g Personal Edition 10.2 .3; Oracle Oracle10g Personal Edition 10.2 .2; Oracle Oracle10g Personal Edition 10.1 .5; Oracle Oracle10g Enterprise Edition 10.2 .3; Oracle Oracle10g Enterprise Edition 10.2 .2; Oracle Oracle10g Enterprise Edition 10.1 .5; Oracle Oracle10g Application Server 10.1.2 .0.1; HP Oracle for OpenView for Linux LTU Service Bureaus 0; HP Oracle for OpenView for Linux LTU 0; HP Oracle for OpenView 9.1.1; HP Oracle for OpenView 8.1.7; HP Oracle for OpenView 9.2 |
Recommended Actions | Please see Oracle Critical Patch Update: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2007-5511 |
References | http://www.securityfocus.com/bid/26098 (BugTraq) |