Vulnerabilities > CVE-2006-5338 - Multiple vulnerability in Oracle Database Server 10.1.0.5/10.2.0.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5 has unknown impact and remote authenticated attack vectors related to sys.dbms_sqltune, aka Vuln# DB10. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB10 is for SQL injection in DROP_SQLSET, DELETE_SQLSET, SELECT_SQLSET, and I_SET_TUNING_PARAMETER. NOTE: some of these vectors might be in DBMS_SQLTUNE_INTERNAL.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family | Databases |
NASL id | ORACLE_RDBMS_CPU_OCT_2006.NASL |
description | The remote Oracle database server is missing the October 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Change Data Capture (CDC) - Core RDBMS - Database Scheduler - Oracle Spatial - XMLDB |
last seen | 2020-06-02 |
modified | 2011-11-16 |
plugin id | 56054 |
published | 2011-11-16 |
reporter | This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/56054 |
title | Oracle Database Multiple Vulnerabilities (October 2006 CPU) |
code |
|
Saint
bid | 20588 |
description | Oracle Spatial component SDO_CS.TRANSFORM_LAYER buffer overflow |
id | database_oracle_version |
osvdb | 31462 |
title | oracle_spatial_transform_layer |
type | remote |
References
- http://secunia.com/advisories/22396
- http://securitytracker.com/id?1017077
- http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf
- http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html
- http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html
- http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_sqltune_internal.html
- http://www.securityfocus.com/archive/1/449110/100/0/threaded
- http://www.securityfocus.com/archive/1/449509/100/0/threaded
- http://www.securityfocus.com/archive/1/449711/100/0/threaded
- http://www.securityfocus.com/bid/20588
- http://www.us-cert.gov/cas/techalerts/TA06-291A.html
- http://www.vupen.com/english/advisories/2006/4065