2008-0339 | Oracle Database Server Remote Code Execution (BID-27229 / XFDB-39753)

By Max On Jul 30, 2021

CVSS Meta Temp Score	Current Exploit Price (≈)	CTI Interest Score
9.3	$0-$5k	0.31

A vulnerability was found in Oracle Database Server 9.2.0.8dv (Database Software). It has been classified as very critical. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01.

The weakness was published 01/17/2008 by Esteban Martinez Fayo (Alex) with Application Security, Inc. (Website). The advisory is shared at us-cert.gov. This vulnerability is uniquely identified as CVE-2008-0339 since 01/17/2008. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details are unknown but a public exploit is available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 07/30/2021).

A public exploit has been developed in SQL. It is declared as proof-of-concept. The exploit is shared for download at securityfocus.com. We expect the 0-day to have been worth approximately $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 56059 (Oracle Database Multiple Vulnerabilities (January 2008 CPU)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Databases. The commercial vulnerability scanner Qualys is able to test this issue with plugin 19227 (Oracle January 2008 Security Update Multiple Vulnerabilities).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 8834.

The vulnerability is also documented in the databases at SecurityFocus (BID 27229), X-Force (39753), Vulnerability Center (SBV-17372) and Tenable (56059). Similar entries are available at 40615, 40614, 40613 and 40612.

Type

Vendor

Name

VulDB Meta Base Score: 9.8
VulDB Meta Temp Score: 9.3

VulDB Base Score: 9.8
VulDB Temp Score: 9.3
VulDB Vector: 🔍
VulDB Reliability: 🔍

AV	AC	Au	C	I	A
🔍	🔍	🔍	🔍	🔍	🔍
🔍	🔍	🔍	🔍	🔍	🔍
🔍	🔍	🔍	🔍	🔍	🔍

Vector	Complexity	Authentication	Confidentiality	Integrity	Availability
unlock	unlock	unlock	unlock	unlock	unlock
unlock	unlock	unlock	unlock	unlock	unlock
unlock	unlock	unlock	unlock	unlock	unlock

VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍

NVD Base Score: 🔍

Class: Unknown
CWE: Unknown
ATT&CK: Unknown

Local: No
Remote: Yes

Availability: 🔍
Access: Public
Status: Proof-of-Concept
Programming Language: 🔍
Download: 🔍

Price Prediction: 🔍
Current Price Estimation: 🔍

0-Day	unlock	unlock	unlock	unlock
Today	unlock	unlock	unlock	unlock

Nessus ID: 56059
Nessus Name: Oracle Database Multiple Vulnerabilities (January 2008 CPU)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍

OpenVAS ID: 802528
OpenVAS Name: Oracle Database Server Multiple Unspecified Vulnerabilities – Jan 08
OpenVAS File: 🔍
OpenVAS Family: 🔍

Saint ID: exploit_info/oracle_xdb_pitrig_truncate
Saint Name: Oracle XDB component PITRIG_TRUNCATE buffer overflow

Qualys ID: 🔍
Qualys Name: 🔍

Threat Intelligenceinfoedit

Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍Recommended: no mitigation known
Status: 🔍

0-Day Time: 🔍
TippingPoint: 🔍

McAfee IPS: 🔍
McAfee IPS Version: 🔍

ISS Proventia IPS: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍

01/10/2008 🔍
01/15/2008 +5 days 🔍
01/17/2008 +1 days 🔍
01/17/2008 +0 days 🔍
01/17/2008 +0 days 🔍
01/20/2008 +3 days 🔍
11/16/2011 +1396 days 🔍
03/16/2015 +1216 days 🔍
04/18/2016 +399 days 🔍
07/30/2021 +1929 days 🔍Vendor: https://www.oracle.com