CVE-2006-5341 Information

Description

Multiple unspecified vulnerabilities in XMLDB component in Oracle Database 9.2.0.8 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors aka (1) Vuln DB14 and (2) DB15 related to xdb.dbms_xdbz. NOTE: as of 20061023 Oracle has not disputed reports from reliable third parties that DB14 is for SQL injection in the PITRIG_DROP and PITRIG_DROPMETADATA functions in XDB_PITRIG_PKG and DB15 is for SQL injection in DISABLE_HIERARCHY_INTERNAL in DBMS_XDBZ.

Reference

http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.kb.cert.org/vuls/id/318764 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_xdbz0.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449510/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/TA06-291A.html http://www.vupen.com/english/advisories/2006/4065