Oracle Database Advanced Queuing component unspecified denial of service

oracle-database-advqueuing-dos (42037) The risk level is classified as LowLow Risk

Description:

An unspecified vulnerability in the Oracle Database Advanced Queuing component could allow a remote attacker with EXECUTE privileges on the SYS.DBMS_AQJMS_INTERNAL package to cause a denial of service.

Platforms Affected:

  • Oracle, Database Server 10.1.0.5
  • Oracle, Database Server 9.0.1.5 FIPS+

Remedy:

Refer to Oracle Critical Patch Update - April 2008 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Denial of Service

References:

  • Oracle Critical Patch Update - April 2008, Oracle Critical Patch Update Advisory - April 2008 at http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html. (DB15)
  • CVE-2008-1821: Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+, and 10.1.0.5 has unknown impact and remote attack vectors related to SYS.DBMS_AQJMS_INTERNAL, aka DB15. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB15 is for multiple buffer overflows in the (1) AQ$_REGISTER and (2) AQ$_UNREGISTER procedures.
  • SA29829: Oracle Products Multiple Vulnerabilities
  • SA29874: HP Oracle for OpenView Multiple Vulnerabilities
  • SECTRACK ID: 1019855: Oracle Database and Other Products Have Unspecified Vulnerabilities With Unspecified Impact
  • VUPEN/ADV-2008-1233: Oracle Products Command Execution and SQL Injection Vulnerabilities
  • VUPEN/ADV-2008-1267: HP Oracle for OpenView Code Execution and Security Bypass

Reported:

Apr 15, 2008

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page