NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2007-2114

Summary	Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. NOTE: as of 20070424, oracle has not disputed reliable claims that these issues are buffer overflows using a long CHANGE_TABLE_NAME parameter to the DBMS_CDC_IPUBLISH.CHGTAB_CACHE procedure (DB08) and Oracle Instant Client genezi utility (DB11).
Summary	Varias vulnerabilidades no especificadas en Oracle Database versiones 10.1.0.5 y 10.2.0.2 tienen un impacto desconocido y vectores de ataque autenticados remotos, relacionados con (1) Change Data Capture (CDC), también se conoce como DB08, y (2) Oracle Instant Client, también se conoce como DB11. NOTA: a partir de 24-04-2007, oracle no ha cuestionado las afirmaciones confiables de que estos problemas son desbordamientos de búfer utilizando un largo parámetro CHANGE_TABLE_NAME para el procedimiento DBMS_CDC_IPUBLISH.CHGTAB_CACHE (DB08) y el programa genezi de Oracle Client (DB11)
Publication Date	April 19, 2007, 3:19 a.m.
Registration Date	Jan. 29, 2021, 2:11 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : HIGH
Score	9.0
Vector	AV:N/AC:L/Au:S/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	単一
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	はい
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:oracle:database_server:10.1.0.5:::::::*
cpe:2.3:a:oracle:database_server:10.2.0.2:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf	cve@mitre.org
2	http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf	cve@mitre.org
3	http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html	cve@mitre.org
4	http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html	cve@mitre.org
5	http://www.securityfocus.com/archive/1/466329/100/200/threaded	cve@mitre.org
6	http://www.securityfocus.com/bid/23532	cve@mitre.org
7	http://www.securitytracker.com/id?1017927	cve@mitre.org
8	http://www.us-cert.gov/cas/techalerts/TA07-108A.html	cve@mitre.org
9	http://www.vupen.com/english/advisories/2007/1426	cve@mitre.org
10	http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf	af854a3a-2127-422b-91ae-364da2661108
11	http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf	af854a3a-2127-422b-91ae-364da2661108
12	http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html	af854a3a-2127-422b-91ae-364da2661108
13	http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html	af854a3a-2127-422b-91ae-364da2661108
14	http://www.securityfocus.com/archive/1/466329/100/200/threaded	af854a3a-2127-422b-91ae-364da2661108
15	http://www.securityfocus.com/bid/23532	af854a3a-2127-422b-91ae-364da2661108
16	http://www.securitytracker.com/id?1017927	af854a3a-2127-422b-91ae-364da2661108
17	http://www.us-cert.gov/cas/techalerts/TA07-108A.html	af854a3a-2127-422b-91ae-364da2661108
18	http://www.vupen.com/english/advisories/2007/1426	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List