Signature Detail

DB: Oracle Database Core RDBMS Component Denial of Service

This signature detects attempts to exploit a known flaw in Oracle Database. A successful attack could result in a Denial of Service (DoS).

Extended Description

Oracle has released Octobers Critical Patch Update that addresses 51 vulnerabilities affecting Oracle Database, Oracle Application Server, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle People Soft Enterprise, and JD Edwards EnterpriseOne. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise.

Affected Products

• Hp oracle_for_openview 8.1.7
• Hp oracle_for_openview 9.1.01
• Hp oracle_for_openview 9.2
• Hp oracle_for_openview_for_linux_ltu
• Hp oracle_for_openview_for_linux_ltu_service_bureaus
• Oracle collaboration_suite_10g 10.1.2
• Oracle e-business_suite_11i 11.5.10
• Oracle e-business_suite_11i 11.5.10 CU2
• Oracle e-business_suite_11i 11.5.8
• Oracle e-business_suite_11i 11.5.9
• Oracle e-business_suite_12 12.0.0
• Oracle e-business_suite_12 12.0.1
• Oracle e-business_suite_12 12.0.2
• Oracle e-business_suite_12 12.0.3
• Oracle enterprise_manager_database_control_10g 10.1.0.5
• Oracle enterprise_manager_database_control_10g 10.2.0.2
• Oracle enterprise_manager_database_control_10g 10.2.0.3
• Oracle enterprise_manager_grid_control_10g 10.1.0 .5
• Oracle enterprise_manager_grid_control_10g 10.1.0 6
• Oracle oracle10g_application_server 10.1.2 .0.1
• Oracle oracle10g_application_server 10.1.2 .0.2
• Oracle oracle10g_application_server 10.1.2 .1.0
• Oracle oracle10g_application_server 10.1.2 .2.0
• Oracle oracle10g_application_server 10.1.3 .0.0
• Oracle oracle10g_application_server 10.1.3 .1.0
• Oracle oracle10g_application_server 10.1.3 .2.0
• Oracle oracle10g_application_server 10.1.3 .3.0
• Oracle oracle10g_application_server 9.0.4 3
• Oracle oracle10g_enterprise_edition 10.1.0 .5
• Oracle oracle10g_enterprise_edition 10.2.0 .2
• Oracle oracle10g_enterprise_edition 10.2.0 .3
• Oracle oracle10g_personal_edition 10.1.0.5
• Oracle oracle10g_personal_edition 10.2.0 .2
• Oracle oracle10g_personal_edition 10.2.0 .3
• Oracle oracle10g_standard_edition 10.1.0 .5
• Oracle oracle10g_standard_edition 10.2.0 .2
• Oracle oracle10g_standard_edition 10.2.0 .3
• Oracle oracle9i_enterprise_edition 9.2.0.8.0
• Oracle oracle9i_enterprise_edition 9.2.0 .8DV
• Oracle oracle9i_personal_edition 9.2.0 .8
• Oracle oracle9i_personal_edition 9.2.0 .8DV
• Oracle oracle9i_standard_edition 9.2.0.8
• Oracle oracle9i_standard_edition 9.2.0 .8DV
• Oracle peoplesoft_enterprise_human_capital_management 8.9
• Oracle peoplesoft_enterprise_human_capital_management 9.0
• Oracle peoplesoft_enterprise_peopletools 8.22
• Oracle peoplesoft_enterprise_peopletools 8.47
• Oracle peoplesoft_enterprise_peopletools 8.48
• Oracle peoplesoft_enterprise_peopletools 8.49

References

• BugTraq: 26039
• BugTraq: 26108
• CVE: CVE-2007-5530