CVE Vulnerabilities

CVE-2007-1442

Published: Mar 14, 2007 | Modified: Nov 15, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.

Affected Software

Name Vendor Start Version End Version
Database_server Oracle 10.2.2 10.2.2
Database_server Oracle 10.2.2 10.2.2
Database_server Oracle 10.2.3 10.2.3
Database_server Oracle 10.2.3 10.2.3
Database_server Oracle 10.2.2 10.2.2
Database_server Oracle 10.2.1 10.2.1
Database_server Oracle 10.2.1 10.2.1
Database_server Oracle 10.2.3 10.2.3
Database_server Oracle 10.2.1 10.2.1

References