Vulnerabilities > CVE-2006-3698 - Unspecified vulnerability in Oracle Database Server 10.1.0.5

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
oracle
nessus

Summary

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for Change Data Capture (CDC) component and (2) DB03 for Data Pump Metadata API. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB01 is related to multiple SQL injection vulnerabilities in SYS.DBMS_CDC_IMPDP using the (a) IMPORT_CHANGE_SET, (b) IMPORT_CHANGE_TABLE, (c) IMPORT_CHANGE_COLUMN, (d) IMPORT_SUBSCRIBER, (e) IMPORT_SUBSCRIBED_TABLE, (f) IMPORT_SUBSCRIBED_COLUMN, (g) VALIDATE_IMPORT, (h) VALIDATE_CHANGE_SET, (i) VALIDATE_CHANGE_TABLE, and (j) VALIDATE_SUBSCRIPTION procedures, and that DB03 is for SQL injection in the MAIN procedure for SYS.KUPW$WORKER.

Vulnerable Configurations

Part Description Count
Application
Oracle
1

Nessus

NASL family: Databases
NASL id: ORACLE_RDBMS_CPU_JUL_2006.NASL
description: The remote Oracle database server is missing the July 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Change Data Capture (CDC) - Core RDBMS - Data Pump Metadata API - Dictionary - Export - InterMedia - OCI - Oracle ODBC Driver - Query Rewrite/Summary Management - RPC - Semantic Analysis - Statistics - Upgrade/Downgrade - Web Distributed Authoring and Versionin (DAV) - XMLDB
last seen: 2020-06-02
modified: 2011-11-16
plugin id: 56053
published: 2011-11-16
reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/56053
title: Oracle Database Multiple Vulnerabilities (July 2006 CPU)
code
#
# (C) Tenable Network Security, Inc.
#


include('compat.inc');

# Metadata block: when `description` is set, only the attributes below are
# registered and the script leaves through exit(0) before reaching the
# patch-table check at the bottom of the file.
if (description)
{
  script_id(56053);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");

  # One plugin id carries eight CVE ids. The summary below says the check looks
  # at installed patch info, so a finding means the patch set is missing; it
  # does not single out which of these CVEs applies to the host.
  script_cve_id(
    "CVE-2006-3698",
    "CVE-2006-3699",
    "CVE-2006-3700",
    "CVE-2006-3701",
    "CVE-2006-3702",
    "CVE-2006-3703",
    "CVE-2006-3704",
    "CVE-2006-3705"
  );
  script_bugtraq_id(19054);

  script_name(english:"Oracle Database Multiple Vulnerabilities (July 2006 CPU)");
  script_summary(english:"Checks installed patch info");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");

  # Report text. Note the wording "potentially affected": the component list is
  # what the CPU covers, not a list of components verified as present.
  script_set_attribute(attribute:"description", value:
"The remote Oracle database server is missing the July 2006 Critical
Patch Update (CPU) and therefore is potentially affected by security
issues in the following components :

  - Change Data Capture (CDC)

  - Core RDBMS

  - Data Pump Metadata API

  - Dictionary

  - Export

  - InterMedia

  - OCI

  - Oracle ODBC Driver

  - Query Rewrite/Summary Management

  - RPC

  - Semantic Analysis

  - Statistics

  - Upgrade/Downgrade

  - Web Distributed Authoring and Versionin (DAV)

  - XMLDB");

  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5dd6ca42");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the July 2006 Oracle Critical
Patch Update advisory.");
  # CVSS v2 base vector: network access, low complexity, no authentication,
  # complete confidentiality/integrity/availability impact. A single vector is
  # set for the whole plugin, not one per CVE id listed above.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  # Temporal vector: proof-of-concept exploit code (E:POC), official fix
  # available (RL:OF), report confirmed (RC:C).
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  # Triage signals: the plugin marks exploits as available, which argues for
  # prioritising remediation of any host this check reports.
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");

  # Disclosure and vendor fix share the same date (2006/07/18); the plugin
  # itself was published in 2011.
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/07/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/16");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server");
  script_set_attribute(attribute:"agent", value:"all");
  script_end_attributes();

  # Information-gathering category, consistent with the "Checks installed patch
  # info" summary: the result comes from comparing patch data.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The patch inventory is expected to come from these two plugins.
  # NOTE(review): presumably this check has nothing to compare when neither of
  # them collected data for the host -- confirm in the scan output that they
  # ran before treating "no finding" as "patched".
  script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin");

  exit(0);
}

include("oracle_rdbms_cpu_func.inc");

################################################################################
# JUL2006
# Fix table for this CPU, keyed as
#   patches[<base release>]["db"][<platform>] -> ("patch_level", ..., "CPU", ...)
# "patch_level" is the four-part release string extended with a fifth field;
# "CPU" appears to be the Oracle patch number for that release/platform pair.
# NOTE(review): presumably check_oracle_database() reports an installation
# whose recorded level is below "patch_level"; the helper is defined in
# oracle_rdbms_cpu_func.inc, which is not shown here -- confirm there.
patches = make_nested_array();

# Coverage is limited to the release/platform pairs listed below. The 10.1.0.x
# releases have no win64 entry and 10.1.0.3 has a nix entry only. How the
# helper treats an installation outside this table is not visible here, so an
# absent finding on such a host should not be read as "patched".

# RDBMS 10.1.0.4
patches["10.1.0.4"]["db"]["nix"] = make_array("patch_level", "10.1.0.4.6", "CPU", "5225796");
patches["10.1.0.4"]["db"]["win32"] = make_array("patch_level", "10.1.0.4.14", "CPU", "5239736");
# RDBMS 10.1.0.5
patches["10.1.0.5"]["db"]["nix"] = make_array("patch_level", "10.1.0.5.3", "CPU", "5225797");
patches["10.1.0.5"]["db"]["win32"] = make_array("patch_level", "10.1.0.5.5", "CPU", "5251148");
# RDBMS 10.2.0.2
patches["10.2.0.2"]["db"]["nix"] = make_array("patch_level", "10.2.0.2.2", "CPU", "5225799");
patches["10.2.0.2"]["db"]["win32"] = make_array("patch_level", "10.2.0.2.4", "CPU", "5251025");
patches["10.2.0.2"]["db"]["win64"] = make_array("patch_level", "10.2.0.2.4", "CPU", "5251028");
# RDBMS 10.2.0.1
patches["10.2.0.1"]["db"]["nix"] = make_array("patch_level", "10.2.0.1.3", "CPU", "5225798");
patches["10.2.0.1"]["db"]["win32"] = make_array("patch_level", "10.2.0.1.7", "CPU", "5239698");
patches["10.2.0.1"]["db"]["win64"] = make_array("patch_level", "10.2.0.1.7", "CPU", "5239701");
# RDBMS 10.1.0.3
patches["10.1.0.3"]["db"]["nix"] = make_array("patch_level", "10.1.0.3.7", "CPU", "5435164");

# Hand the table to the shared CPU helper. high_risk:TRUE is passed through
# unchanged; its effect (likely the reported severity) is defined in the
# include -- confirm there.
check_oracle_database(patches:patches, high_risk:TRUE);