Remote Code Execution Vulnerability in Oracle Database Products
CVE-2008-2607

Currently unrated

Key Information:

Vendor: Oracle
Status: Database Server; Database 9i; Advanced Queuing Component
Vendor: CVE Published:; 15 July 2008

What is CVE-2008-2607?

A vulnerability exists within the Advanced Queuing component of Oracle Database that can potentially be exploited by an authenticated remote attacker. By sending a specially crafted long argument to an unspecified procedure associated with the SYS.DBMS_AQELM package, an attacker may trigger a buffer overflow, leading to database corruption and possible execution of arbitrary code. This could result in denial of service and may compromise the integrity of the database. Oracle has acknowledged this issue but has not provided specific details regarding its resolution or mitigation.

References

http://www.oracle.com/technetwork/topics/security/cpujul2...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2008/2115

vdb-entryx_refsource_VUPEN

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

Timeline

Vulnerability published
Jul 15, 2008
Vulnerability Reserved
Jun 9, 2008