Search...

CVE-2006-5338

2006-10-17T21:07:00

ID CVE-2006-5338
Type cve
Reporter NVD
Modified 2018-10-17T17:42:18

Description

Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5 has unknown impact and remote authenticated attack vectors related to sys.dbms_sqltune, aka Vuln# DB10. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB10 is for SQL injection in DROP_SQLSET, DELETE_SQLSET, SELECT_SQLSET, and I_SET_TUNING_PARAMETER. NOTE: some of these vectors might be in DBMS_SQLTUNE_INTERNAL.

JSON Vulners Source

Initial Source

{"id": "CVE-2006-5338", "bulletinFamily": "NVD", "title": "CVE-2006-5338", "description": "Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5 has unknown impact and remote authenticated attack vectors related to sys.dbms_sqltune, aka Vuln# DB10. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB10 is for SQL injection in DROP_SQLSET, DELETE_SQLSET, SELECT_SQLSET, and I_SET_TUNING_PARAMETER. NOTE: some of these vectors might be in DBMS_SQLTUNE_INTERNAL.", "published": "2006-10-17T21:07:00", "modified": "2018-10-17T17:42:18", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5338", "reporter": "NVD", "references": ["http://www.securityfocus.com/archive/1/449711/100/0/threaded", "http://www.us-cert.gov/cas/techalerts/TA06-291A.html", "http://www.vupen.com/english/advisories/2006/4065", "http://securitytracker.com/id?1017077", "http://www.securityfocus.com/archive/1/449110/100/0/threaded", "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_sqltune_internal.html", "http://www.securityfocus.com/bid/20588", "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", "http://www.securityfocus.com/archive/1/449509/100/0/threaded", "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf"], "cvelist": ["CVE-2006-5338"], "type": "cve", "lastseen": "2018-10-18T15:05:38", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:oracle:database_server:10.1.0.5", "cpe:/a:oracle:database_server:10.2.0.0"], "cvelist": ["CVE-2006-5338"], "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5 has unknown impact and remote authenticated attack vectors related to sys.dbms_sqltune, aka Vuln# DB10. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB10 is for SQL injection in DROP_SQLSET, DELETE_SQLSET, SELECT_SQLSET, and I_SET_TUNING_PARAMETER. NOTE: some of these vectors might be in DBMS_SQLTUNE_INTERNAL.", "edition": 1, "enchantments": {"score": {"modified": "2016-09-03T07:42:26", "value": 10.0, "vector": "NONE"}}, "hash": "8185baff65a6afac8f21eeeb4a6d09c729f77bf04881ad27e3e858f57f455b9a", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "af94b0dd3e0c4918e1c4f3f637938413", "key": "title"}, {"hash": "ca47e457136635d136d6402ad6cc39cb", "key": "description"}, {"hash": "1b177808820ff70cc5694afff9c4ec52", "key": "references"}, {"hash": "79873fbfdf23b50ba15c4830465d6418", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "67b6f7494fa52c392412bd40cb03c672", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "fd5a001704ecb4d13490b6c426dffeec", "key": "href"}, {"hash": "543a2996ce77dde011ca5b0c24dcabed", "key": "cpe"}, {"hash": "4ea840ff73b6affb0ff1787d26923e0e", "key": "cvss"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "1c6d12b5f1be10f7878043717fd369a5", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5338", "id": "CVE-2006-5338", "lastseen": "2016-09-03T07:42:26", "modified": "2016-04-29T21:59:05", "objectVersion": "1.2", "published": "2006-10-17T21:07:00", "references": ["http://www.securityfocus.com/archive/1/archive/1/449509/100/0/threaded", "http://www.us-cert.gov/cas/techalerts/TA06-291A.html", "http://www.vupen.com/english/advisories/2006/4065", "http://securitytracker.com/id?1017077", "http://www.securityfocus.com/archive/1/archive/1/449711/100/0/threaded", "http://www.securityfocus.com/archive/1/archive/1/449110/100/0/threaded", "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_sqltune_internal.html", "http://www.securityfocus.com/bid/20588", "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", "http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-5338", "type": "cve", "viewCount": 1}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T07:42:26"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "543a2996ce77dde011ca5b0c24dcabed"}, {"key": "cvelist", "hash": "79873fbfdf23b50ba15c4830465d6418"}, {"key": "cvss", "hash": "4ea840ff73b6affb0ff1787d26923e0e"}, {"key": "description", "hash": "ca47e457136635d136d6402ad6cc39cb"}, {"key": "href", "hash": "fd5a001704ecb4d13490b6c426dffeec"}, {"key": "modified", "hash": "1017582220835ae0ef668de2061b4bc2"}, {"key": "published", "hash": "1c6d12b5f1be10f7878043717fd369a5"}, {"key": "references", "hash": "ac1220faba29d66a2ebd403797d9ad82"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "af94b0dd3e0c4918e1c4f3f637938413"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "7d8c5db9dc6bc45bc30bf6a1a108c07f4116794398e11f9c376ac08686ae1db2", "viewCount": 1, "enchantments": {"score": {"value": 10.0, "vector": "NONE", "modified": "2018-10-18T15:05:38"}, "vulnersScore": 10.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:oracle:database_server:10.1.0.5", "cpe:/a:oracle:database_server:10.2.0.0"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"osvdb": [{"lastseen": "2017-04-28T13:20:27", "references": [], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html)\nSecurity Tracker: 1017077\n[Secunia Advisory ID:22396](https://secuniaresearch.flexerasoftware.com/advisories/22396/)\n[Related OSVDB ID: 31383](https://vulners.com/osvdb/OSVDB:31383)\n[Related OSVDB ID: 31384](https://vulners.com/osvdb/OSVDB:31384)\n[Related OSVDB ID: 31393](https://vulners.com/osvdb/OSVDB:31393)\n[Related OSVDB ID: 31399](https://vulners.com/osvdb/OSVDB:31399)\n[Related OSVDB ID: 31414](https://vulners.com/osvdb/OSVDB:31414)\n[Related OSVDB ID: 31407](https://vulners.com/osvdb/OSVDB:31407)\n[Related OSVDB ID: 31500](https://vulners.com/osvdb/OSVDB:31500)\nOther Advisory URL: http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf\nNews Article: http://news.com.com/Oracle+plugs+101+security+flaws/2100-1002_3-6126864.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0360.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0388.html\nKeyword: DB10\nFrSIRT Advisory: ADV-2006-4065\n[CVE-2006-5338](https://vulners.com/cve/CVE-2006-5338)\nBugtraq ID: 20588\n", "edition": 1, "reporter": "OSVDB", "published": "2006-10-18T06:18:53", "title": "Oracle Database Core RDBMS DBMS_SQLTUNE_INTERNAL Multiple Variable SQL Injection", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2006-5338"], "modified": "2006-10-18T06:18:53", "href": "https://vulners.com/osvdb/OSVDB:31451", "id": "OSVDB:31451", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-11-17T02:51:11", "references": ["http://www.nessus.org/u?861d82ff"], "pluginID": "56054", "description": "The remote Oracle database server is missing the October 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :\n\n - Change Data Capture (CDC)\n\n - Core RDBMS\n\n - Database Scheduler\n\n - Oracle Spatial\n\n - XMLDB", "edition": 6, "reporter": "Tenable", "published": "2011-11-16T00:00:00", "title": "Oracle Database Multiple Vulnerabilities (October 2006 CPU)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Databases", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5337", "CVE-2006-5342", "CVE-2006-5333", "CVE-2006-5341", "CVE-2006-5332", "CVE-2006-5344", "CVE-2006-5335", "CVE-2006-5336", "CVE-2006-5338", "CVE-2006-5345", "CVE-2006-5334", "CVE-2006-5340", "CVE-2006-5343", "CVE-2006-5339"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:oracle:database_server"], "id": "ORACLE_RDBMS_CPU_OCT_2006.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56054", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (!defined_func(\"nasl_level\") || nasl_level() < 5000) exit(0, \"Nessus older than 5.x\");\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56054);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\n \"CVE-2006-5332\",\n \"CVE-2006-5333\",\n \"CVE-2006-5334\",\n \"CVE-2006-5335\",\n \"CVE-2006-5336\",\n \"CVE-2006-5337\",\n \"CVE-2006-5338\",\n \"CVE-2006-5339\",\n \"CVE-2006-5340\",\n \"CVE-2006-5341\",\n \"CVE-2006-5342\",\n \"CVE-2006-5343\",\n \"CVE-2006-5344\",\n \"CVE-2006-5345\"\n );\n script_bugtraq_id(20588);\n\n script_name(english:\"Oracle Database Multiple Vulnerabilities (October 2006 CPU)\");\n script_summary(english:\"Checks installed patch info\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle database server is missing the October 2006\nCritical Patch Update (CPU) and therefore is potentially affected by\nsecurity issues in the following components :\n\n - Change Data Capture (CDC)\n\n - Core RDBMS\n\n - Database Scheduler\n\n - Oracle Spatial\n\n - XMLDB\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?861d82ff\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2006 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-486\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:database_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"oracle_rdbms_query_patch_info.nbin\", \"oracle_rdbms_patch_info.nbin\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"oracle_rdbms_cpu_func.inc\");\ninclude(\"misc_func.inc\");\n\n################################################################################\n# OCT2006\npatches = make_nested_array();\n\n# RDBMS 10.1.0.4\npatches[\"10.1.0.4\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.1.0.4.7\", \"CPU\", \"5490844\");\npatches[\"10.1.0.4\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"10.1.0.4.15\", \"CPU\", \"5500878\");\n# RDBMS 10.1.0.5\npatches[\"10.1.0.5\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.1.0.5.4\", \"CPU\", \"5490845\");\npatches[\"10.1.0.5\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"10.1.0.5.8\", \"CPU\", \"5500883\");\n# RDBMS 10.2.0.2\npatches[\"10.2.0.2\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.2.0.2.3\", \"CPU\", \"5490848\");\npatches[\"10.2.0.2\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"10.2.0.2.5\", \"CPU\", \"5502226\");\npatches[\"10.2.0.2\"][\"db\"][\"win64\"] = make_array(\"patch_level\", \"10.2.0.2.5\", \"CPU\", \"5500921\");\n# RDBMS 10.2.0.1\npatches[\"10.2.0.1\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.2.0.1.4\", \"CPU\", \"5490846\");\npatches[\"10.2.0.1\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"10.2.0.1.8\", \"CPU\", \"5500927\");\npatches[\"10.2.0.1\"][\"db\"][\"win64\"] = make_array(\"patch_level\", \"10.2.0.1.8\", \"CPU\", \"5500954\");\n# RDBMS 10.1.0.3\npatches[\"10.1.0.3\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.1.0.3.8\", \"CPU\", \"5566825\");\n\ncheck_oracle_database(patches:patches, high_risk:TRUE);\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}