Vulnerabilities > CVE-2006-0271 - Unspecified vulnerability in Oracle products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN oracle
nessus
Summary
Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 8 |
Nessus
| NASL family | Databases |
| NASL id | ORACLE_RDBMS_CPU_JAN_2006.NASL |
| description | The remote Oracle database server is missing the January 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Advanced Queuing - Change Data Capture - Connection Manager - Data Pump - Data Pump Metadata API - Dictionary - Java Net - Net Foundation Layer - Net Listener - Network Communications (RPC) - Oracle HTTP Server - Oracle Label Security - Oracle Text - Oracle Workflow Cartridge - Program Interface Network - Protocol Support - Query Optimizer - Reorganize Objects & Convert Tablespace - Security - Streams Apply - Streams Capture - Streams Subcomponent - TDE Wallet - Upgrade & Downgrade - XML Database |
| last seen | 2020-06-02 |
| modified | 2011-11-16 |
| plugin id | 56051 |
| published | 2011-11-16 |
| reporter | This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/56051 |
| title | Oracle Database Multiple Vulnerabilities (January 2006 CPU) |
Saint
| bid | 16287 |
| description | Oracle XML Component DBMS_XMLSCHEMA.GENERATESCHEMA buffer overflow |
| id | database_oracle_version |
| osvdb | 22567 |
| title | oracle_xml_generateschema |
| type | remote |
References
- http://secunia.com/advisories/18493
- http://secunia.com/advisories/18493
- http://secunia.com/advisories/18608
- http://secunia.com/advisories/18608
- http://securitytracker.com/id?1015499
- http://securitytracker.com/id?1015499
- http://www.kb.cert.org/vuls/id/545804
- http://www.kb.cert.org/vuls/id/545804
- http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html
- http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html
- http://www.osvdb.org/22566
- http://www.osvdb.org/22566
- http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html
- http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html
- http://www.securityfocus.com/bid/16287
- http://www.securityfocus.com/bid/16287
- http://www.vupen.com/english/advisories/2006/0243
- http://www.vupen.com/english/advisories/2006/0243
- http://www.vupen.com/english/advisories/2006/0323
- http://www.vupen.com/english/advisories/2006/0323
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24321
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24321