Vulnerability Description
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the researcher's claim that this is a stack-based buffer overflow in DBMS_AW.EXECUTE, which allows code execution via a long Current Directory Alias (CDA) command.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Database Server | 11.1.0.7 |
References
- http://www.databaseforensics.com/Oracle_Jan2015_CPU.pdfPatch
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/72134
- http://www.securitytracker.com/id/1031572
- http://www.databaseforensics.com/Oracle_Jan2015_CPU.pdfPatch
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/72134
- http://www.securitytracker.com/id/1031572
FAQ
What is CVE-2014-6567?
CVE-2014-6567 is a vulnerability with a CVSS score of 9.0 (HIGH). Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integr...
How severe is CVE-2014-6567?
CVE-2014-6567 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-6567?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Database Server.