ID CVE-2006-5338
Summary Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5 has unknown impact and remote authenticated attack vectors related to sys.dbms_sqltune, aka Vuln# DB10. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB10 is for SQL injection in DROP_SQLSET, DELETE_SQLSET, SELECT_SQLSET, and I_SET_TUNING_PARAMETER. NOTE: some of these vectors might be in DBMS_SQLTUNE_INTERNAL.
References
Vulnerable Configurations
  • Oracle Database Server 10g 10.1.0.5
    cpe:2.3:a:oracle:database_server:10.1.0.5
  • cpe:2.3:a:oracle:database_server:10.2.0.0
CVSS
Base: 9.0 (as of 24-06-2016 - 15:09)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
NASL family Databases
NASL id ORACLE_RDBMS_CPU_OCT_2006.NASL
description The remote Oracle database server is missing the October 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Change Data Capture (CDC) - Core RDBMS - Database Scheduler - Oracle Spatial - XMLDB
last seen 2019-02-21
modified 2018-11-15
plugin id 56054
published 2011-11-16
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=56054
title Oracle Database Multiple Vulnerabilities (October 2006 CPU)
refmap via4
bid 20588
bugtraq
  • 20061018 Analysis of the Oracle October 2006 Critical Patch Update
  • 20061023 SQL Injection in package SYS.DBMS_SQLTUNE_INTERNAL
cert TA06-291A
confirm http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html
hp
  • HPSBMA02133
  • SSRT061201
misc
sectrack 1017077
secunia 22396
vupen ADV-2006-4065
saint via4
bid 20588
description Oracle Spatial component SDO_CS.TRANSFORM_LAYER buffer overflow
id database_oracle_version
osvdb 31462
title oracle_spatial_transform_layer
type remote
Last major update 29-04-2016 - 21:59
Published 17-10-2006 - 21:07
Last modified 17-10-2018 - 17:42
Back to Top