Signature Detail

DB: Oracle Database Core RDBMS Component Denial of Service

This signature detects attempts to exploit a known flaw in Oracle Database. A successful attack could result in a Denial of Service (DoS).

Extended Description

Oracle has released Octobers Critical Patch Update that addresses 51 vulnerabilities affecting Oracle Database, Oracle Application Server, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle People Soft Enterprise, and JD Edwards EnterpriseOne. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise.

Affected Products

• HP Oracle for OpenView 8.1.7
• HP Oracle for OpenView 9.1.01
• HP Oracle for OpenView 9.2
• HP Oracle for OpenView for Linux LTU
• HP Oracle for OpenView for Linux LTU Service Bureaus
• Oracle Collaboration Suite 10g 10.1.2
• Oracle E-Business Suite 11i 11.5.10
• Oracle E-Business Suite 11i 11.5.10 CU2
• Oracle E-Business Suite 11i 11.5.8
• Oracle E-Business Suite 11i 11.5.9
• Oracle E-Business Suite 12 12.0.0
• Oracle E-Business Suite 12 12.0.1
• Oracle E-Business Suite 12 12.0.2
• Oracle E-Business Suite 12 12.0.3
• Oracle Enterprise Manager Database Control 10g 10.1.0.5
• Oracle Enterprise Manager Database Control 10g 10.2.0.2
• Oracle Enterprise Manager Database Control 10g 10.2.0.3
• Oracle Enterprise Manager Grid Control 10g 10.1.0 .5
• Oracle Enterprise Manager Grid Control 10g 10.1.0 6
• Oracle Oracle10g Application Server 10.1.2 .0.1
• Oracle Oracle10g Application Server 10.1.2 .0.2
• Oracle Oracle10g Application Server 10.1.2 .1.0
• Oracle Oracle10g Application Server 10.1.2 .2.0
• Oracle Oracle10g Application Server 10.1.3 .0.0
• Oracle Oracle10g Application Server 10.1.3 .1.0
• Oracle Oracle10g Application Server 10.1.3 .2.0
• Oracle Oracle10g Application Server 10.1.3 .3.0
• Oracle Oracle10g Application Server 9.0.4 3
• Oracle Oracle10g Enterprise Edition 10.1.0 .5
• Oracle Oracle10g Enterprise Edition 10.2.0 .2
• Oracle Oracle10g Enterprise Edition 10.2.0 .3
• Oracle Oracle10g Personal Edition 10.1.0.5
• Oracle Oracle10g Personal Edition 10.2.0 .2
• Oracle Oracle10g Personal Edition 10.2.0 .3
• Oracle Oracle10g Standard Edition 10.1.0 .5
• Oracle Oracle10g Standard Edition 10.2.0 .2
• Oracle Oracle10g Standard Edition 10.2.0 .3
• Oracle Oracle9i Enterprise Edition 9.2.0.8.0
• Oracle Oracle9i Enterprise Edition 9.2.0 .8DV
• Oracle Oracle9i Personal Edition 9.2.0 .8
• Oracle Oracle9i Personal Edition 9.2.0 .8DV
• Oracle Oracle9i Standard Edition 9.2.0.8
• Oracle Oracle9i Standard Edition 9.2.0 .8DV
• Oracle PeopleSoft Enterprise Human Capital Management 8.9
• Oracle PeopleSoft Enterprise Human Capital Management 9.0
• Oracle PeopleSoft Enterprise PeopleTools 8.22
• Oracle PeopleSoft Enterprise PeopleTools 8.47
• Oracle PeopleSoft Enterprise PeopleTools 8.48
• Oracle PeopleSoft Enterprise PeopleTools 8.49

References

• BugTraq: 26039
• CVE: CVE-2007-5530