Vulnerabilities > CVE-2006-0259 - Multiple vulnerability in Oracle Database Server 10.1.0.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple unspecified vulnerabilities in Oracle Database server 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB04 and (2) DB06 in the (a) Data Pump component; (3) DB10 in the (b) Net Listener component; and (4) DB16 in the (c) Oracle Text component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB06 is SQL injection in the GENERATE_JOB_NAME, GET_WORKERSTATUSLIST1010, GET_PARAMVALUES1010, GET_DUMPFILESET1010, GET_JOBSTATUS1010, ATTACH, and ESTABLISH_REMOTE_CONTEXT functions in DBMS_DATAPUMP.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Databases |
| NASL id | ORACLE_RDBMS_CPU_JAN_2006.NASL |
| description | The remote Oracle database server is missing the January 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Advanced Queuing - Change Data Capture - Connection Manager - Data Pump - Data Pump Metadata API - Dictionary - Java Net - Net Foundation Layer - Net Listener - Network Communications (RPC) - Oracle HTTP Server - Oracle Label Security - Oracle Text - Oracle Workflow Cartridge - Program Interface Network - Protocol Support - Query Optimizer - Reorganize Objects & Convert Tablespace - Security - Streams Apply - Streams Capture - Streams Subcomponent - TDE Wallet - Upgrade & Downgrade - XML Database |
| last seen | 2020-06-02 |
| modified | 2011-11-16 |
| plugin id | 56051 |
| published | 2011-11-16 |
| reporter | This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/56051 |
| title | Oracle Database Multiple Vulnerabilities (January 2006 CPU) |
Saint
| bid | 16287 |
| description | Oracle XML Component DBMS_XMLSCHEMA.GENERATESCHEMA buffer overflow |
| id | database_oracle_version |
| osvdb | 22567 |
| title | oracle_xml_generateschema |
| type | remote |
References
- http://secunia.com/advisories/18493
- http://secunia.com/advisories/18608
- http://securitytracker.com/id?1015499
- http://www.kb.cert.org/vuls/id/545804
- http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html
- http://www.osvdb.org/22544
- http://www.securityfocus.com/bid/16287
- http://www.vupen.com/english/advisories/2006/0243
- http://www.vupen.com/english/advisories/2006/0323
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24321