CVE-2006-5336 - Multiple vulnerabilities in Oracle Database Server 10.1.0.5/10.2.0.2/9.2.0.7
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | SINGLE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Multiple unspecified vulnerabilities in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) sys.dbms_cdc_ipublish (Vuln# DB05) and (2) sys.dbms_cdc_isubscribe (DB06). NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB05 is for SQL injection in CREATE_CHANGE_TABLE and CHANGE_TABLE_TRIGGER, and DB06 is for PL/SQL injection in the PREPARE_UNBOUNDED_VIEW procedure.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Nessus
NASL family | Databases |
NASL id | ORACLE_RDBMS_CPU_OCT_2006.NASL |
description | The remote Oracle database server is missing the October 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components: Change Data Capture (CDC), Core RDBMS, Database Scheduler, Oracle Spatial, XMLDB |
last seen | 2020-06-02 |
modified | 2011-11-16 |
plugin id | 56054 |
published | 2011-11-16 |
reporter | This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/56054 |
title | Oracle Database Multiple Vulnerabilities (October 2006 CPU) |
Saint
bid | 20588 |
description | Oracle Spatial component SDO_CS.TRANSFORM_LAYER buffer overflow |
id | database_oracle_version |
osvdb | 31462 |
title | oracle_spatial_transform_layer |
type | remote |
References
- http://secunia.com/advisories/22396
- http://securitytracker.com/id?1017077
- http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf
- http://www.kb.cert.org/vuls/id/446100
- http://www.kb.cert.org/vuls/id/716964
- http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html
- http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html
- http://www.securityfocus.com/archive/1/449110/100/0/threaded
- http://www.securityfocus.com/archive/1/449711/100/0/threaded
- http://www.securityfocus.com/bid/20588
- http://www.us-cert.gov/cas/techalerts/TA06-291A.html
- http://www.vupen.com/english/advisories/2006/4065