CVE-2006-5335 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-5335
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-5335

Description: Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) Vuln# DB04 and sys.dbms_cdc_impdp in the (a) Change Data Capture (CDC) component; (2) Vuln# DB07, (3) DB08, and (4) DB16 in sys.dbms_cdc_isubscribe in CDC; and (5) mdsys.sdo_geor_int in the (b) Oracle Spatial component, aka DB12. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that these issues are related to SQL injection in the BUMP_SEQUENCE function (DB04), CREATE_SUBSCRIPTION (DB07), EXTEND_WINDOW_LIST (DB08), SUBSCRIBE (DB16), and COMPRESSDATA (DB12).

CVE Status: Candidate

References: ST 1017077 SAID Secunia Advisory: SA22396 MISC http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf HP http://www.securityfocus.com/archive/1/archive/1/449711/100/0/threaded CONFIRM http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html CERT-VN 736324 CERT http://www.us-cert.gov/cas/techalerts/TA06-291A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/449511/100/100/threaded http://www.securityfocus.com/archive/1/archive/1/449110/100/0/threaded BID 20588

Return to the previous page.