SAINT Corporation
SAINT:BDA653B993853A80CC47B87DE1CE3FD7
Nov 03, 2006 - 12:00 a.m.

Oracle XML Component DBMS_XMLSCHEMA.GENERATESCHEMA buffer overflow

my.saintcorporation.com

CVSS2: 9 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

EPSS: 0.951 High
Percentile: 99.3%

Added: 11/03/2006
CVE: CVE-2006-0272
BID: 16287
OSVDB: 22567

Background

Oracle Database Server includes the **DBMS_XMLSCHEMA** component, which contains procedures for managing XML schemas.

Problem

A buffer overflow vulnerability in the **DBMS_XMLSCHEMA.GENERATESCHEMA** procedure allows database users to execute arbitrary commands.

Resolution

Install the patch referenced in the January 2006 Critical Patch Update.

References

<http://www.kb.cert.org/vuls/id/545804>
<http://archives.neohapsis.com/archives/vulnwatch/2006-q1/0037.html>

Limitations

Exploit works on Oracle Database 10.1.0.2 and 9.2.0.1 and requires the login and password to an Oracle account with connect privileges.

Platforms

Windows
