Unspecified Vulnerability in Oracle Database Advanced Queuing Component
CVE-2009-0977

Currently unrated

Key Information:

Vendor: Oracle
Status: Database 10g; Database 9i
Vendor: CVE Published:; 15 April 2009

What is CVE-2009-0977?

An unspecified vulnerability within the Advanced Queuing component of Oracle Database allows remote authenticated users to potentially compromise the confidentiality and integrity of the database. This issue may be linked to SQL injection flaws within the GRANT_TYPE_ACCESS procedure of the DBMS_AQADM_SYS package, as suggested by security researchers. Proper security measures should be implemented to secure affected versions.

References

http://www.securityfocus.com/bid/34461

vdb-entryx_refsource_BID

http://secunia.com/advisories/34693

third-party-advisoryx_refsource_SECUNIA

http://www.us-cert.gov/cas/techalerts/TA09-105A.html

third-party-advisoryx_refsource_CERT

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2009
Vulnerability Reserved
Mar 19, 2009