9.2.0.7

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

oracle

nessus

NVD

Published: 2006-04-20

Updated: 2024-11-21

Summary

Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB12. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the (1) GEN_RID_RANGE_BY_AREA and (2) GEN_RID_RANGE functions in the MDSYS.SDO_PRIDX package.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Database Server 9.2.0.7 Oracle Database Server 10.1.0.4	2

Nessus

NASL family	Databases
NASL id	ORACLE_RDBMS_CPU_APR_2006.NASL
description	The remote Oracle database server is missing the April 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Advanced Replication - Dictionary - Export - Log Miner - ModPL/SQL for Apache - Oracle Enterprise Manager Intelligent Agent - Oracle Spatial
last seen	2020-06-02
modified	2011-11-16
plugin id	56052
published	2011-11-16
reporter	This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/56052
title	Oracle Database Multiple Vulnerabilities (April 2006 CPU)
code	# # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(56052); script_version("1.13"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01"); script_cve_id( "CVE-2006-1705", "CVE-2006-1866", "CVE-2006-1867", "CVE-2006-1868", "CVE-2006-1869", "CVE-2006-1870", "CVE-2006-1871", "CVE-2006-1872", "CVE-2006-1873", "CVE-2006-1874", "CVE-2006-1875", "CVE-2006-1876", "CVE-2006-1877" ); script_bugtraq_id(17590); script_name(english:"Oracle Database Multiple Vulnerabilities (April 2006 CPU)"); script_summary(english:"Checks installed patch info"); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote Oracle database server is missing the April 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Advanced Replication - Dictionary - Export - Log Miner - ModPL/SQL for Apache - Oracle Enterprise Manager Intelligent Agent - Oracle Spatial"); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?662a5385"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch according to the April 2006 Oracle Critical Patch Update advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(89); script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/18"); script_set_attribute(attribute:"patch_publication_date", value:"2006/04/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/16"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server"); script_set_attribute(attribute:"agent", value:"all"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin"); exit(0); } include("oracle_rdbms_cpu_func.inc"); ################################################################################ # APR2006 patches = make_nested_array(); # RDBMS 10.1.0.4 patches["10.1.0.4"]["db"]["nix"] = make_array("patch_level", "10.1.0.4.5", "CPU", "5049067"); patches["10.1.0.4"]["db"]["win32"] = make_array("patch_level", "10.1.0.4.13", "CPU", "5059200"); # RDBMS 10.1.0.5 patches["10.1.0.5"]["db"]["nix"] = make_array("patch_level", "10.1.0.5.2", "CPU", "5049074"); patches["10.1.0.5"]["db"]["win32"] = make_array("patch_level", "10.1.0.5.2", "CPU", "5057606"); # RDBMS 10.2.0.2 patches["10.2.0.2"]["db"]["nix"] = make_array("patch_level", "10.2.0.2.1", "CPU", "5079037"); patches["10.2.0.2"]["db"]["win32"] = make_array("patch_level", "10.2.0.2.1", "CPU", "5140461"); patches["10.2.0.2"]["db"]["win64"] = make_array("patch_level", "10.2.0.2.1", "CPU", "5140567"); # RDBMS 10.2.0.1 patches["10.2.0.1"]["db"]["nix"] = make_array("patch_level", "10.2.0.1.2", "CPU", "5049080"); patches["10.2.0.1"]["db"]["win32"] = make_array("patch_level", "10.2.0.1.6", "CPU", "5059238"); patches["10.2.0.1"]["db"]["win64"] = make_array("patch_level", "10.2.0.1.6", "CPU", "5059261"); # RDBMS 10.1.0.3 patches["10.1.0.3"]["db"]["nix"] = make_array("patch_level", "10.1.0.3.6", "CPU", "5158022"); check_oracle_database(patches:patches, high_risk:TRUE);

Summary

Vulnerable Configurations

Nessus

References