Search...

CVE-2006-5338

2006-10-17T21:07:00

ID CVE-2006-5338
Type cve
Reporter NVD
Modified 2016-04-29T21:59:05

Description

Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5 has unknown impact and remote authenticated attack vectors related to sys.dbms_sqltune, aka Vuln# DB10. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB10 is for SQL injection in DROP_SQLSET, DELETE_SQLSET, SELECT_SQLSET, and I_SET_TUNING_PARAMETER. NOTE: some of these vectors might be in DBMS_SQLTUNE_INTERNAL.

JSON Vulners Source

Initial Source

{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5338", "history": [], "references": ["http://www.securityfocus.com/archive/1/archive/1/449509/100/0/threaded", "http://www.us-cert.gov/cas/techalerts/TA06-291A.html", "http://www.vupen.com/english/advisories/2006/4065", "http://securitytracker.com/id?1017077", "http://www.securityfocus.com/archive/1/archive/1/449711/100/0/threaded", "http://www.securityfocus.com/archive/1/archive/1/449110/100/0/threaded", "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_sqltune_internal.html", "http://www.securityfocus.com/bid/20588", "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf"], "lastseen": "2016-09-03T07:42:26", "bulletinFamily": "NVD", "title": "CVE-2006-5338", "cpe": ["cpe:/a:oracle:database_server:10.1.0.5", "cpe:/a:oracle:database_server:10.2.0.0"], "viewCount": 1, "id": "CVE-2006-5338", "hash": "0796ee044f510316fd9079299ebcf0d102d1eaf5d5f8b3e5d99432b6daeb5f29", "description": "Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5 has unknown impact and remote authenticated attack vectors related to sys.dbms_sqltune, aka Vuln# DB10. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB10 is for SQL injection in DROP_SQLSET, DELETE_SQLSET, SELECT_SQLSET, and I_SET_TUNING_PARAMETER. NOTE: some of these vectors might be in DBMS_SQLTUNE_INTERNAL.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2006-5338"], "scanner": [], "modified": "2016-04-29T21:59:05", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2006-10-17T21:07:00", "enchantments": {"score": {"value": 10.0, "vector": "NONE", "modified": "2016-09-03T07:42:26"}, "vulnersScore": 10.0}}

{"osvdb": [{"lastseen": "2017-04-28T13:20:27", "references": [], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html)\nSecurity Tracker: 1017077\n[Secunia Advisory ID:22396](https://secuniaresearch.flexerasoftware.com/advisories/22396/)\n[Related OSVDB ID: 31383](https://vulners.com/osvdb/OSVDB:31383)\n[Related OSVDB ID: 31384](https://vulners.com/osvdb/OSVDB:31384)\n[Related OSVDB ID: 31393](https://vulners.com/osvdb/OSVDB:31393)\n[Related OSVDB ID: 31399](https://vulners.com/osvdb/OSVDB:31399)\n[Related OSVDB ID: 31414](https://vulners.com/osvdb/OSVDB:31414)\n[Related OSVDB ID: 31407](https://vulners.com/osvdb/OSVDB:31407)\n[Related OSVDB ID: 31500](https://vulners.com/osvdb/OSVDB:31500)\nOther Advisory URL: http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf\nNews Article: http://news.com.com/Oracle+plugs+101+security+flaws/2100-1002_3-6126864.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0360.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0388.html\nKeyword: DB10\nFrSIRT Advisory: ADV-2006-4065\n[CVE-2006-5338](https://vulners.com/cve/CVE-2006-5338)\nBugtraq ID: 20588\n", "edition": 1, "reporter": "OSVDB", "published": "2006-10-18T06:18:53", "title": "Oracle Database Core RDBMS DBMS_SQLTUNE_INTERNAL Multiple Variable SQL Injection", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2006-5338"], "modified": "2006-10-18T06:18:53", "href": "https://vulners.com/osvdb/OSVDB:31451", "id": "OSVDB:31451", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:34:47", "references": ["http://www.nessus.org/u?65b42037"], "pluginID": "56054", "description": "The remote Oracle database server is missing the October 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :\n\n - Change Data Capture (CDC)\n\n - Core RDBMS\n\n - Database Scheduler\n\n - Oracle Spatial\n\n - XMLDB", "edition": 5, "reporter": "Tenable", "published": "2011-11-16T00:00:00", "title": "Oracle Database Multiple Vulnerabilities (October 2006 CPU)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Databases", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5337", "CVE-2006-5342", "CVE-2006-5333", "CVE-2006-5341", "CVE-2006-5332", "CVE-2006-5344", "CVE-2006-5335", "CVE-2006-5336", "CVE-2006-5338", "CVE-2006-5345", "CVE-2006-5334", "CVE-2006-5340", "CVE-2006-5343", "CVE-2006-5339"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/a:oracle:database_server"], "id": "ORACLE_RDBMS_CPU_OCT_2006.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56054", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (!defined_func(\"nasl_level\") || nasl_level() < 5000) exit(0, \"Nessus older than 5.x\");\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56054);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/18 17:43:55\");\n\n script_cve_id(\n \"CVE-2006-5332\",\n \"CVE-2006-5333\",\n \"CVE-2006-5334\",\n \"CVE-2006-5335\",\n \"CVE-2006-5336\",\n \"CVE-2006-5337\",\n \"CVE-2006-5338\",\n \"CVE-2006-5339\",\n \"CVE-2006-5340\",\n \"CVE-2006-5341\",\n \"CVE-2006-5342\",\n \"CVE-2006-5343\",\n \"CVE-2006-5344\",\n \"CVE-2006-5345\"\n );\n script_bugtraq_id(20588);\n\n script_name(english:\"Oracle Database Multiple Vulnerabilities (October 2006 CPU)\");\n script_summary(english:\"Checks installed patch info\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle database server is missing the October 2006\nCritical Patch Update (CPU) and therefore is potentially affected by\nsecurity issues in the following components :\n\n - Change Data Capture (CDC)\n\n - Core RDBMS\n\n - Database Scheduler\n\n - Oracle Spatial\n\n - XMLDB\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?65b42037\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2006 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-486\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:database_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"oracle_rdbms_query_patch_info.nbin\", \"oracle_rdbms_patch_info.nbin\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"oracle_rdbms_cpu_func.inc\");\ninclude(\"misc_func.inc\");\n\n################################################################################\n# OCT2006\npatches = make_nested_array();\n\n# RDBMS 10.1.0.4\npatches[\"10.1.0.4\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.1.0.4.7\", \"CPU\", \"5490844\");\npatches[\"10.1.0.4\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"10.1.0.4.15\", \"CPU\", \"5500878\");\n# RDBMS 10.1.0.5\npatches[\"10.1.0.5\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.1.0.5.4\", \"CPU\", \"5490845\");\npatches[\"10.1.0.5\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"10.1.0.5.8\", \"CPU\", \"5500883\");\n# RDBMS 10.2.0.2\npatches[\"10.2.0.2\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.2.0.2.3\", \"CPU\", \"5490848\");\npatches[\"10.2.0.2\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"10.2.0.2.5\", \"CPU\", \"5502226\");\npatches[\"10.2.0.2\"][\"db\"][\"win64\"] = make_array(\"patch_level\", \"10.2.0.2.5\", \"CPU\", \"5500921\");\n# RDBMS 10.2.0.1\npatches[\"10.2.0.1\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.2.0.1.4\", \"CPU\", \"5490846\");\npatches[\"10.2.0.1\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"10.2.0.1.8\", \"CPU\", \"5500927\");\npatches[\"10.2.0.1\"][\"db\"][\"win64\"] = make_array(\"patch_level\", \"10.2.0.1.8\", \"CPU\", \"5500954\");\n# RDBMS 10.1.0.3\npatches[\"10.1.0.3\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.1.0.3.8\", \"CPU\", \"5566825\");\n\ncheck_oracle_database(patches:patches, high_risk:TRUE);\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}