CVE-2007-1442 Information

Description

Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs) which allows local users to gain privileges.

Reference

http://argeniss.com/research/10MinSecAudit.zip http://osvdb.org/33979 http://secunia.com/advisories/24475 http://www.securityfocus.com/bid/22905