CVE-2006-3702 Information

Description

Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 9.0.1.5 9.2.0.7 10.1.0.5 and 10.2.0.2 have unknown impact and attack vectors aka Oracle Vuln (1) DB06 in Export; (2) DB08 (3) DB09 (4) DB10 (5) DB11 (6) DB12 (7) DB13 (8) DB14 and (9) DBC01 for OCI; (10) DB16 for Query Rewrite/Summary Mgmt; (11) DB17 (12) DB18 (13) DB19 (14) DBC02 (15) DBC03 and (16) DBC04 for RPC; and (17) DB20 for Semantic Analysis. NOTE: as of 20060719 Oracle has not disputed third party claims that DB06 is related to \SQL injection\ using DBMS_EXPORT_EXTENSION with a modified ODCIIndexGetMetadata routine and a call to GET_DOMAIN_INDEX_METADATA in which case DB06 might be CVE-2006-2081.

Reference

http://secunia.com/advisories/21111 http://secunia.com/advisories/21165 http://securitytracker.com/id?1016529 http://www.kb.cert.org/vuls/id/932124 http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html http://www.red-database-security.com/exploits/oracle-sql-injection-oracle-dbms_export_extension.html http://www.securityfocus.com/archive/1/440758/100/100/threaded http://www.securityfocus.com/bid/19054 http://www.us-cert.gov/cas/techalerts/TA06-200A.html http://www.vupen.com/english/advisories/2006/2863 http://www.vupen.com/english/advisories/2006/2947 https://exchange.xforce.ibmcloud.com/vulnerabilities/27897