Lucene search

[email protected]CVE-2006-7067

HistoryMar 02, 2007 - 9:18 p.m.

CVE-2006-7067

2007-03-0221:18:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

oracle

10g

remote code execution

cve-2006-7067

security vulnerability

7.4 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:S/C:C/I:C/A:C

0.048 Low

EPSS

Percentile

92.7%

JSON

Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an “alter session set events” command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was retracted. NOTE: this issue was called an “integer overflow” in the original source, but this might be incorrect.

CPENameOperatorVersion
oracle:database_serveroracle database servereq10.2.1

CPE	Name	Operator	Version
oracle:database_server	oracle database server	eq	10.2.1

References

lists.grok.org.uk/pipermail/full-disclosure/2006-July/048251.html

lists.grok.org.uk/pipermail/full-disclosure/2006-July/048292.html

securityreason.com/securityalert/2328

www.securityfocus.com/archive/1/441345/100/0/threaded

www.securityfocus.com/archive/1/441477/100/0/threaded

7.4 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:S/C:C/I:C/A:C

0.048 Low

EPSS

Percentile

92.7%

JSON

Related for CVE-2006-7067

cvelist1