CVE-2006-0586

Published: 08/02/2006 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 765

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote malicious users to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues has been addressed by Oracle. It is unclear which, if any, Oracle Vuln# identifiers apply to these issues.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle oracle10g personal 10.1.0.3
oracle application server 10.1.2.0.2
oracle oracle10g standard 10.1.0.3.1
oracle application server 10.1.2.1.0
oracle application server 10.1.0.3
oracle oracle10g enterprise 10.1.0.4
oracle oracle10g enterprise 10.1.0.3
oracle oracle10g enterprise 10.1.0.3.1
oracle oracle10g standard 10.1.0.2
oracle oracle10g standard 10.1.0.4
oracle application server 10.1.2.0.1
oracle oracle10g personal 10.1.0.2
oracle oracle10g standard 10.1.0.3
oracle oracle10g standard 10.1.0.5
oracle oracle10g personal 10.10.3.1
oracle application server 10.1.0.4
oracle oracle10g enterprise 10.1.0.2
oracle application server 10.1.0.2
oracle oracle10g standard 10.1.0.4.2
oracle application server 10.1.0.3.1
oracle application server 10.1.2
oracle oracle10g personal 10.1.0.4

#!/usr/bin/perl # # Remote Oracle KUPV$FTATTACH_JOB exploit (10g) # # Grant or revoke dba permission to unprivileged user # # Tested on "Oracle Database 10g Enterprise Edition Release 101030" # # REF: wwwsecurityfocuscom/bid/16294 # # AUTHOR: Andrea "bunker" Purificato # rawlabmindcreationscom # # DATE: ...

#!/usr/bin/perl # # Remote Oracle KUPV$FTATTACH_JOB exploit (10g) # - Version 2 - New "evil cursor injection" tip! # - No "create procedure" privileg needed! # - See: wwwdatabasesecuritycom/ (Cursor Injection) # # Grant or revoke dba permission to unprivileged user # # Tested on "Oracle Database 10g Enterprise Edition Release 10103 ...

/** * Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 * Joxean Koret <joxeankoret@yahooes> * Privileges needed: * * - EXECUTE_CATALOG_ROLE * - CREATE PROCEDURE * */ select * from user_role_privs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENT_USER IS PRAGMA AUTONOMOUS_TRANSACTION; BEGIN EXECUTE IMMEDIATE 'GRANT DBA TO TES ...

CWE-89 http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041499.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041498.html http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html http://www.securityfocus.com/bid/16294 http://www.osvdb.org/22839 http://www.osvdb.org/22840 https://exchange.xforce.ibmcloud.com/vulnerabilities/24197 https://exchange.xforce.ibmcloud.com/vulnerabilities/24195 http://www.securityfocus.com/archive/1/422424/30/7370/threaded http://www.securityfocus.com/archive/1/422423/30/7370/threaded http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft.html http://www.red-database-security.com/advisory/oracle_sql_injection_kupv%24ft_int.html https://nvd.nist.gov https://www.exploit-db.com/exploits/3359/

CVE-2006-0586

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect