CVE-2007-1442 — Oracle Database Server vulnerability

5 documents5 sources

Severity

7.2HIGHNVD

EPSS

0.7%

top 26.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Database Server

Timeline

PublishedMar 14

Latest updateMay 1

Description

Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDoracle/database_server10.2.1, 10.2.2, 10.2.3+2

🔴Vulnerability Details

GHSA

GHSA-7w8h-97qm-v5g3: Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACL↗2022-05-01

▶

CVEList

CVE-2007-1442: Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACL↗2007-03-14

▶

💥Exploits & PoCs

Exploit-DB

VideoLAN VLC Media Player 0.8.6d - 'httpd_FileCallBack' Remote Format String↗2008-04-28

▶

💬Community

Bugzilla

CVE-2007-4974 Heap overflow in libsndfile triggerable by seeks↗2008-01-28

▶