Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0272

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2006-0272
Last Modified 22 Oct 2012 09:56:07
Published 18 Jan 2006 06:03:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-0272

Summary

Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS.

Vulnerable Systems

Application

  • Oracle10g Enterprise 10.1.0.4

  • Oracle10g Personal 10.1.0.4

  • Oracle10g Standard 10.1.0.4

  • Oracle9i Standard 9.2.0.7


References

CERT - TA06-018A

CERT-VN - VU#891644

CERT-VN - VU#545804

CONFIRM - http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html

XF - oracle-xdbdbmx-xmlschema-bo(24376)

XF - oracle-january2006-update(24321)

VUPEN - ADV-2006-0323

VUPEN - ADV-2006-0243

BID - 16287

MISC - http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html

MISC - http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf

MISC - http://www.argeniss.com/research/ARGENISS-ADV-010601.txt

SECTRACK - 1015499

SECUNIA - 18608

SECUNIA - 18493

FULLDISC - 20060126 [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html


Last Updated: 27 May 2016 10:51:46