Oracle Database Server SQL Injection In SET_REGISTRATION_HANDLER Of DBMS_APPLY_USER_AGENT Package
Publish Date: 15 Februar 2011
Schweregrad:: Mittel
CVE Kennungen:: CVE-2007-2109
Hinweisdatum: 15 Februar 2011
Beschreibung
Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a race condition in the RLMGR_TRUNCATE_MAINT trigger in the Rules Manager and Expression Filter components changing the AUTHID of a package from DEFINER to CURRENT_USER after a TRUNCATE call, and DB06 is for SQL injection in the DBMS_APPLY_USER_AGENT.SET_REGISTRATION_HANDLER procedure, which is later passed to the DBMS_APPLY_ADM_INTERNAL.ALTER_APPLY procedure, aka "Oracle Streams".
Trend Micro Lösungen
Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.
Lösungen
Trend Micro Deep Security DPI Rule Number: 1000987
Trend Micro Deep Security DPI Rule Name: 1000987 - Oracle Database Server SQL Injection In SET_REGISTRATION_HANDLER Of DBMS_APPLY_USER_AGENT Package
Betroffene Software und Version:
- Oracle Oracle Database 10.2.0.3