Vulnerabilities > CVE-2006-0265 - Unspecified vulnerability in Oracle Database Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN oracle
nessus
Summary
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB17 involves SQL injection in the (a) VALIDATE_STATEMENT and BUILD_DML functions in CTXSYS.DRILOAD; (b) CLEAN_DML function in CTXSYS.DRIDML; (c) GET_ROWID function in CTXSYS.CTX_DOC; (d) BROWSE_WORDS function in CTXSYS.CTX_QUERY; and (e) ODCIINDEXTRUNCATE, ODCIINDEXDROP, and ODCIINDEXDELETE functions in CATINDEXMETHODS.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Nessus
| NASL family | Databases |
| NASL id | ORACLE_RDBMS_CPU_JAN_2006.NASL |
| description | The remote Oracle database server is missing the January 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Advanced Queuing - Change Data Capture - Connection Manager - Data Pump - Data Pump Metadata API - Dictionary - Java Net - Net Foundation Layer - Net Listener - Network Communications (RPC) - Oracle HTTP Server - Oracle Label Security - Oracle Text - Oracle Workflow Cartridge - Program Interface Network - Protocol Support - Query Optimizer - Reorganize Objects & Convert Tablespace - Security - Streams Apply - Streams Capture - Streams Subcomponent - TDE Wallet - Upgrade & Downgrade - XML Database |
| last seen | 2020-06-02 |
| modified | 2011-11-16 |
| plugin id | 56051 |
| published | 2011-11-16 |
| reporter | This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/56051 |
| title | Oracle Database Multiple Vulnerabilities (January 2006 CPU) |
Saint
| bid | 16287 |
| description | Oracle XML Component DBMS_XMLSCHEMA.GENERATESCHEMA buffer overflow |
| id | database_oracle_version |
| osvdb | 22567 |
| title | oracle_xml_generateschema |
| type | remote |
References
- http://secunia.com/advisories/18493
- http://secunia.com/advisories/18493
- http://secunia.com/advisories/18608
- http://secunia.com/advisories/18608
- http://securitytracker.com/id?1015499
- http://securitytracker.com/id?1015499
- http://www.kb.cert.org/vuls/id/545804
- http://www.kb.cert.org/vuls/id/545804
- http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html
- http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html
- http://www.osvdb.org/22555
- http://www.osvdb.org/22555
- http://www.osvdb.org/22639
- http://www.osvdb.org/22639
- http://www.osvdb.org/22640
- http://www.osvdb.org/22640
- http://www.osvdb.org/22641
- http://www.osvdb.org/22641
- http://www.osvdb.org/22642
- http://www.osvdb.org/22642
- http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html
- http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html
- http://www.securityfocus.com/bid/16287
- http://www.securityfocus.com/bid/16287
- http://www.vupen.com/english/advisories/2006/0243
- http://www.vupen.com/english/advisories/2006/0243
- http://www.vupen.com/english/advisories/2006/0323
- http://www.vupen.com/english/advisories/2006/0323
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24321
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24321