ID CVE-2005-4832
Summary SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2
    cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2
  • cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3
    cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3
  • cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3.1
    cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3.1
  • cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.4
    cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.4
  • cpe:2.3:a:oracle:oracle10g:enterprise_10.2.3
    cpe:2.3:a:oracle:oracle10g:enterprise_10.2.3
  • cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4.0
    cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4.0
  • cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0
    cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0
  • cpe:2.3:a:oracle:oracle10g:personal_10.1.0.2
    cpe:2.3:a:oracle:oracle10g:personal_10.1.0.2
  • cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3
    cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3
  • cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3.1
    cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3.1
  • cpe:2.3:a:oracle:oracle10g:personal_10.1.0.4
    cpe:2.3:a:oracle:oracle10g:personal_10.1.0.4
  • cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2
    cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2
  • cpe:2.3:a:oracle:oracle10g:personal_10.10.3.1
    cpe:2.3:a:oracle:oracle10g:personal_10.10.3.1
  • cpe:2.3:a:oracle:oracle10g:personal_10.2.3
    cpe:2.3:a:oracle:oracle10g:personal_10.2.3
  • cpe:2.3:a:oracle:oracle10g:personal_9.0.4.0
    cpe:2.3:a:oracle:oracle10g:personal_9.0.4.0
  • cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0
    cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0
  • cpe:2.3:a:oracle:oracle10g:standard_10.1.0.2
    cpe:2.3:a:oracle:oracle10g:standard_10.1.0.2
  • cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3
    cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3
  • cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3.1
    cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3.1
  • cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4
    cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4
  • cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4.2
    cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4.2
  • cpe:2.3:a:oracle:oracle10g:standard_10.1.0.5
    cpe:2.3:a:oracle:oracle10g:standard_10.1.0.5
  • cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2
    cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2
  • cpe:2.3:a:oracle:oracle10g:standard_10.2.0.1
    cpe:2.3:a:oracle:oracle10g:standard_10.2.0.1
  • cpe:2.3:a:oracle:oracle10g:standard_10.2.3
    cpe:2.3:a:oracle:oracle10g:standard_10.2.3
  • cpe:2.3:a:oracle:oracle10g:standard_9.0.4.0
    cpe:2.3:a:oracle:oracle10g:standard_9.0.4.0
  • cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0
    cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0
CVSS
Base: 7.5 (as of 08-03-2007 - 15:45)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
  • description Oracle 10g Database SUBSCRIPTION_NAME Remote SQL Injection Vulnerability (1). CVE-2005-4832 . Remote exploits for multiple platform
    id EDB-ID:25452
    last seen 2016-02-03
    modified 2007-02-23
    published 2007-02-23
    reporter bunker
    source https://www.exploit-db.com/download/25452/
    title Oracle 10g Database SUBSCRIPTION_NAME Remote SQL Injection Vulnerability 1
  • description Oracle 10g Database SUBSCRIPTION_NAME Remote SQL Injection Vulnerability (2). CVE-2005-4832 . Remote exploits for multiple platform
    id EDB-ID:25453
    last seen 2016-02-03
    modified 2007-02-26
    published 2007-02-26
    reporter bunker
    source https://www.exploit-db.com/download/25453/
    title Oracle 10g Database SUBSCRIPTION_NAME Remote SQL Injection Vulnerability 2
metasploit via4
description This module will escalate an Oracle DB user to DBA by exploiting a sql injection bug in the SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION package/function. This vulnerability affects to Oracle Database Server 9i up to 9.2.0.5 and 10g up to 10.1.0.4.
id MSF:AUXILIARY/SQLI/ORACLE/DBMS_CDC_SUBSCRIBE_ACTIVATE_SUBSCRIPTION
last seen 2018-08-16
modified 2017-08-29
published 2011-12-13
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/sqli/oracle/dbms_cdc_subscribe_activate_subscription.rb
title Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION
nessus via4
NASL family Databases
NASL id ORACLE_MULTIPLE.NASL
description According to its version number, the installation of Oracle on the remote host is reportedly subject to multiple vulnerabilities, some of which don't require authentication. They may allow an attacker to craft SQL queries such that they would be able to retrieve any file on the system and potentially retrieve and/or modify confidential data on the target's Oracle server.
last seen 2019-02-21
modified 2018-07-18
plugin id 18034
published 2005-04-13
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=18034
title Oracle Database 10g Multiple Remote Vulnerabilities
refmap via4
bid 13236
bugtraq
  • 20050418 [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages
  • 20050711 Re: Problems with the Oracle Critical Patch Update for April 2005
confirm http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf
misc
xf oracle-subscriptionname-sql-injection(20159)
Last major update 05-09-2008 - 16:57
Published 31-12-2005 - 00:00
Last modified 28-07-2017 - 21:29
Back to Top