Vulnerability Description
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB06 is SQL injection, and DB13 occurs when the OUTLN account is reset to use a hard-coded password.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Database 9I | 9.0.1.5 |
| Oracle | Database Server | 9.0.1.5 |
References
- http://secunia.com/advisories/29829Vendor Advisory
- http://secunia.com/advisories/29874Vendor Advisory
- http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html
- http://www.red-database-security.com/advisory/oracle_outln_password_change.html
- http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_geom.html
- http://www.securityfocus.com/archive/1/490919/100/0/threaded
- http://www.securityfocus.com/archive/1/490950/100/0/threaded
- http://www.securityfocus.com/archive/1/491024/100/0/threaded
- http://www.securitytracker.com/id?1019855
- http://www.vupen.com/english/advisories/2008/1233/referencesVendor Advisory
- http://www.vupen.com/english/advisories/2008/1267/referencesVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41858
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41991
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41992
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41993
FAQ
What is CVE-2008-1813?
CVE-2008-1813 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related...
How severe is CVE-2008-1813?
CVE-2008-1813 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1813?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Database 9I, Oracle Database Server.