Vulnerabilities > CVE-2006-1875 - Multiple vulnerability in Oracle Database Server 10.1.0.5/9.0.1.5/9.2.0.7
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB11. NOTE: Oracle has not disputed reliable researcher claims that this issue is SQL injection in MDSYS.SDO_LRS_TRIG_INS. The most severe of these vulnerabilities could possibly expose affected computers to complete compromise.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Nessus
NASL family | Databases |
NASL id | ORACLE_RDBMS_CPU_APR_2006.NASL |
description | The remote Oracle database server is missing the April 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Advanced Replication - Dictionary - Export - Log Miner - ModPL/SQL for Apache - Oracle Enterprise Manager Intelligent Agent - Oracle Spatial |
last seen | 2020-06-02 |
modified | 2011-11-16 |
plugin id | 56052 |
published | 2011-11-16 |
reporter | This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/56052 |
title | Oracle Database Multiple Vulnerabilities (April 2006 CPU) |
code |
|
References
- http://secunia.com/advisories/19712
- http://secunia.com/advisories/19859
- http://securitytracker.com/id?1015961
- http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html
- http://www.red-database-security.com/advisory/oracle_cpu_apr_2006.html
- http://www.securityfocus.com/archive/1/432267/100/0/threaded
- http://www.securityfocus.com/bid/17590
- http://www.vupen.com/english/advisories/2006/1397
- http://www.vupen.com/english/advisories/2006/1571
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26055