CVE-2006-3702 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-3702
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3702

Description: Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI; (10) DB16 for Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, and (16) DBC04 for RPC; and (17) DB20 for Semantic Analysis. NOTE: as of 20060719, Oracle has not disputed third party claims that DB06 is related to "SQL injection" using DBMS_EXPORT_EXTENSION with a modified ODCIIndexGetMetadata routine and a call to GET_DOMAIN_INDEX_METADATA, in which case DB06 might be CVE-2006-2081.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/27897 ST 1016529 SAID Secunia Advisory: SA21111 Secunia Advisory: SA21165 MISC http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html http://www.red-database-security.com/exploits/oracle-sql-injection-oracle-dbms_export_extension.html HP http://www.securityfocus.com/archive/1/archive/1/440758/100/100/threaded CONFIRM http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2006.html CERT-VN 932124 CERT http://www.us-cert.gov/cas/techalerts/TA06-200A.html BID 19054

Return to the previous page.