Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1874

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-1874
Last Modified 22 Oct 2012 10:01:55
Published 20 Apr 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1874

Summary

Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB09. NOTE: Oracle has not disputed reliable claims that this issue is SQL injection in MDSYS.PRVT_IDX using the (1) EXECUTE_INSERT, (2) EXECUTE_DELETE, (3) EXECUTE_UPDATE, (4) EXECUTE UPDATE, and (5) CRT_DUMMY functions.

Vulnerable Systems

Application

  • Oracle Database Server 8.1.7.4

  • Oracle Database Server 9.0.1.5

  • Oracle Database Server 9.2.0.6


References

XF - oracle-prvtidx-sql-injection(26053)

VUPEN - ADV-2006-1571

VUPEN - ADV-2006-1397

BID - 17590

HP - SSRT061148

HP - HPSBMA02113

MISC - http://www.red-database-security.com/advisory/oracle_cpu_apr_2006.html

CONFIRM - http://www.oracle.com/technology/deploy/security/pdf/cpuapr2006.html

SECTRACK - 1015961

SECUNIA - 19859

SECUNIA - 19712

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html


Last Updated: 27 May 2016 11:01:13