Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0269

Overview

Vulnerability Score 5.5 5.5
CVE Id CVE-2006-0269
Last Modified 22 Oct 2012 09:56:06
Published 18 Jan 2006 06:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-0269

Summary

Unspecified vulnerability in the Streams Capture component of Oracle Database server 10.1.0.5 and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB25. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the SET_DIRECTORY_ROOT function in the DBMS_CDC_PUBLISH package.

Vulnerable Systems

Application

  • Oracle10g Standard 10.1.0.5

  • Oracle10g Standard 10.2.0.1


References

CERT-VN - VU#545804

CONFIRM - http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html

XF - oracle-january2006-update(24321)

VUPEN - ADV-2006-0323

VUPEN - ADV-2006-0243

BID - 16287

MISC - http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html

OSVDB - 22563

SECTRACK - 1015499

SECUNIA - 18608

SECUNIA - 18493

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html


Last Updated: 27 May 2016 10:53:42