CVE-2006-3705 - Multiple vulnerabilities in Oracle Database Server 10.1.0.5
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB21 is for a local SQL injection vulnerability in SYS.DBMS_STATS, and that DB22 is for SQL injection in SYS.DBMS_UPGRADE.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
NASL family | Databases |
NASL id | ORACLE_RDBMS_CPU_JUL_2006.NASL |
description | The remote Oracle database server is missing the July 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components: Change Data Capture (CDC), Core RDBMS, Data Pump Metadata API, Dictionary, Export, InterMedia, OCI, Oracle ODBC Driver, Query Rewrite/Summary Management, RPC, Semantic Analysis, Statistics, Upgrade/Downgrade, Web Distributed Authoring and Versioning (DAV), XMLDB |
last seen | 2020-06-02 |
modified | 2011-11-16 |
plugin id | 56053 |
published | 2011-11-16 |
reporter | This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/56053 |
title | Oracle Database Multiple Vulnerabilities (July 2006 CPU) |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047992.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047993.html
- http://secunia.com/advisories/21111
- http://secunia.com/advisories/21165
- http://securityreason.com/securityalert/1251
- http://securitytracker.com/id?1016529
- http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html
- http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html
- http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_stats.html
- http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_upgrade.html
- http://www.securityfocus.com/archive/1/440447/100/0/threaded
- http://www.securityfocus.com/archive/1/440453/100/0/threaded
- http://www.securityfocus.com/archive/1/440758/100/100/threaded
- http://www.securityfocus.com/bid/19054
- http://www.us-cert.gov/cas/techalerts/TA06-200A.html
- http://www.vupen.com/english/advisories/2006/2863
- http://www.vupen.com/english/advisories/2006/2947
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27886
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27887
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27897