>Any Oracle database user with EXECUTE privilege on the package >SYS.DBMS_LOGREP_UTIL can exploit this vulnerability. Exploitation of >this vulnerability allows an attacker to execute arbitrary code. This statement is inconsistent with Oracle's CPU, which states that DB08 (CVE-2007-0274) has Partial impact on availability, and no impact on Integrity and Confidentiality. >Affected versions: Oracle Database Server versions 9iR1, 9iR2 and >10gR1 DB08 reports 9iR2 as being the earliest affected version, which is another discrepancy. - Steve
