DB: Oracle Database SYS.LT.FINDRICSET Unsafe Command
This signature detects attempts to exploit a known vulnerability in the Oracle Database SYS.LT.FINDRICSET function. A successful attack can lead to the injection of arbitrary SQL code into the server.
Extended Description
Oracle Workspace Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Successful exploits allow 'PUBLIC' users to gain 'SYS' privileges; other attacks may also be possible. NOTE: This issue was previously documented in BID 26039 (Oracle October 2007 Critical Patch Update Multiple Vulnerabilities) but has been given its own BID because further technical details are now available.
Affected Products
Hp oracle_for_openview_for_linux_ltu
References
BugTraq: 26098
CVE: CVE-2007-5511
URL: http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-workspace-manager/
Short Name
DB:ORACLE:SYS:LT-FINDRICSET
Severity
Major
Recommended
False
Recommended Action
Drop
Category
DB
Keywords
CVE-2007-5511 Command Database Oracle SYS.LT.FINDRICSET Unsafe bid:26098
Release Date
05/13/2008
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3729
False Positive
Unknown
Vendors
Oracle
Hp
CVSS Score
6.5