Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2505

Overview

Vulnerability Score 3.6 3.6
CVE Id CVE-2006-2505
Last Modified 05 Sep 2008 05:04:44
Published 22 May 2006 03:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-2505

Summary

Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package.

Vulnerable Systems

Application

  • Oracle Database Server Release 2


References

CERT-VN - VU#932124

BID - 17699

BUGTRAQ - 20060427 Re: Recent Oracle exploit is _actually_ an 0day with no patch

BUGTRAQ - 20060426 Recent Oracle exploit is _actually_ an 0day with no patch

SECUNIA - 19860


Last Updated: 27 May 2016 10:42:39