Published: 08/02/2006 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 765

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote malicious users to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues has been addressed by Oracle. It is unclear which, if any, Oracle Vuln# identifiers apply to these issues.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle oracle10g personal_10.1.0.3
oracle application server 10.1.2.0.2
oracle oracle10g standard_10.1.0.3.1
oracle application server 10.1.2.1.0
oracle application server 10.1.0.3
oracle oracle10g enterprise_10.1.0.4
oracle oracle10g enterprise_10.1.0.3
oracle oracle10g enterprise_10.1.0.3.1
oracle oracle10g standard_10.1.0.2
oracle oracle10g standard_10.1.0.4
oracle application server 10.1.2.0.1
oracle oracle10g personal_10.1.0.2
oracle oracle10g standard_10.1.0.3
oracle oracle10g standard_10.1.0.5
oracle oracle10g personal_10.10.3.1
oracle application server 10.1.0.4
oracle oracle10g enterprise_10.1.0.2
oracle application server 10.1.0.2
oracle oracle10g standard_10.1.0.4.2
oracle application server 10.1.0.3.1
oracle application server 10.1.2
oracle oracle10g personal_10.1.0.4

#!/usr/bin/perl # # Remote Oracle KUPV$FTATTACH_JOB exploit (10g) # # Grant or revoke dba permission to unprivileged user # # Tested on "Oracle Database 10g Enterprise Edition Release 101030" # # REF: wwwsecurityfocuscom/bid/16294 # # AUTHOR: Andrea "bunker" Purificato # rawlabmindcreationscom # # DATE: ...

#!/usr/bin/perl # # Remote Oracle KUPV$FTATTACH_JOB exploit (10g) # - Version 2 - New "evil cursor injection" tip! # - No "create procedure" privileg needed! # - See: wwwdatabasesecuritycom/ (Cursor Injection) # # Grant or revoke dba permission to unprivileged user # # Tested on "Oracle Database 10g Enterprise Edition Release 10103 ...

/** * Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 * Joxean Koret <joxeankoret@yahooes> * Privileges needed: * * - EXECUTE_CATALOG_ROLE * - CREATE PROCEDURE * */ select * from user_role_privs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENT_USER IS PRAGMA AUTONOMOUS_TRANSACTION; BEGIN EXECUTE IMMEDIATE 'GRANT DBA TO TES ...

CWE-89 http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041499.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041498.html http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html http://www.securityfocus.com/bid/16294 http://www.osvdb.org/22839 http://www.osvdb.org/22840 https://exchange.xforce.ibmcloud.com/vulnerabilities/24197 https://exchange.xforce.ibmcloud.com/vulnerabilities/24195 http://www.securityfocus.com/archive/1/422424/30/7370/threaded http://www.securityfocus.com/archive/1/422423/30/7370/threaded http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft.html http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft_int.html https://nvd.nist.gov https://www.exploit-db.com/exploits/3359/

CVE-2006-0586

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect