Vulnerability Description
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_AQELM. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a buffer overflow that allows attackers to cause a denial of service (database corruption) and possibly execute arbitrary code via a long argument to an unspecified procedure.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Advanced Queuing Component | All versions |
| Oracle | Database 9I | 9.2.0.8 |
| Oracle | Database Server | 10.1.0.5 |
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=726
- http://secunia.com/advisories/31087Vendor Advisory
- http://secunia.com/advisories/31113Vendor Advisory
- http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html
- http://www.securitytracker.com/id?1020499
- http://www.vupen.com/english/advisories/2008/2109/referencesVendor Advisory
- http://www.vupen.com/english/advisories/2008/2115Vendor Advisory
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=726
- http://secunia.com/advisories/31087Vendor Advisory
- http://secunia.com/advisories/31113Vendor Advisory
- http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html
- http://www.securitytracker.com/id?1020499
- http://www.vupen.com/english/advisories/2008/2109/referencesVendor Advisory
FAQ
What is CVE-2008-2607?
CVE-2008-2607 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related t...
How severe is CVE-2008-2607?
CVE-2008-2607 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2607?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Advanced Queuing Component, Oracle Database 9I, Oracle Database Server.