Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.7
CVE Id CVE-2006-1866
Last Modified 22 Oct 2012 10:01:54
Published 20 Apr 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1866

Summary

Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and other versions have unknown impact and attack vectors in the (1) Advanced Replication component, as identified by Vuln# DB01, and (2) Oracle Spatial component, as identified by Vuln# DB10. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that DB01 is an unknown issue in the DBMS_REPUTIL package, and DB10 is SQL injection in the INSERT_CATALOG, UPDATE_CATALOG, and DELETE_CATALOG functions of the SDO_CATALOG package.

Vulnerable Systems

Application

  • Oracle Database Server 10.1.0.5

  • Oracle Database Server 8.1.7.4

  • Oracle Database Server 9.0.1.5

  • Oracle Database Server 9.2.0.7


References

CERT - TA06-109A

CERT-VN - VU#139049

CONFIRM - http://www.oracle.com/technology/deploy/security/pdf/cpuapr2006.html

SECTRACK - 1015961

SECUNIA - 19712

XF - oracle-sdocatalog-sql-injection(26054)

XF - oracle-dbmsreputil-sql-injection(26050)

VUPEN - ADV-2006-1571

VUPEN - ADV-2006-1397

BID - 17590

HP - SSRT061148

MISC - http://www.red-database-security.com/advisory/oracle_cpu_apr_2006.html

SECUNIA - 19859

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html

HP - HPSBMA02113


Last Updated: 27 May 2016 11:01:12