Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1871

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2006-1871
Last Modified 22 Oct 2012 10:01:55
Published 20 Apr 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-1871

Summary

SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.5 allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log Miner) package, aka Vuln# DB06.

Vulnerable Systems

Application

  • Oracle Database Server 10.1.0.5

  • Oracle Database Server 9.2.0.7


References

SECTRACK - 1015961

XF - oracle-dbmslogmnrsession-sql-injection(26047)

VUPEN - ADV-2006-1571

VUPEN - ADV-2006-1397

BID - 17590

HP - SSRT061148

HP - HPSBMA02113

BUGTRAQ - 20060418 SQL Injection in package SYS.DBMS_LOGMNR_SESSION

MISC - http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_logmnr_session.html

CONFIRM - http://www.oracle.com/technology/deploy/security/pdf/cpuapr2006.html

SECUNIA - 19859

SECUNIA - 19712

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html


Last Updated: 27 May 2016 10:42:32