CVE-2007-5513 Information
Description
The XML DB (XMLDB) component in Oracle Database 9.2.0.8 9.2.0.8DV and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters or (2) short entries contain any extra characters from usernames in previous entries aka DB23.
Reference
http://marc.info/?l=bugtraq&m=119332677525918&w=2 http://secunia.com/advisories/27251 http://secunia.com/advisories/27409 http://securityreason.com/securityalert/3247 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-xmldb-ftp-service/ http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html http://www.securityfocus.com/archive/1/482426/100/0/threaded http://www.securityfocus.com/bid/26107 http://www.securitytracker.com/id?1018823 http://www.us-cert.gov/cas/techalerts/TA07-290A.html http://www.vupen.com/english/advisories/2007/3524 http://www.vupen.com/english/advisories/2007/3626
Share on: