CVE-2006-5336 Information

Feb 14, 2021 cve

Description

Multiple unspecified vulnerabilities in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7 10.1.0.5 and have unknown impact and remote authenticated attack vectors related to (1) sys.dbms_cdc_ipublish (Vuln DB05) and (2) sys.dbms_cdc_isubscribe (DB06). NOTE: as of 20061023 Oracle has not disputed reports from reliable third parties that DB05 is for SQL injection in CREATE_CHANGE_TABLE and CHANGE_TABLE_TRIGGER and DB06 is for PL/SQL injection in the PREPARE_UNBOUNDED_VIEW procedure.

Reference

http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.kb.cert.org/vuls/id/446100 http://www.kb.cert.org/vuls/id/716964 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/TA06-291A.html http://www.vupen.com/english/advisories/2006/4065

Share on: