Oracle Database Server SQL Injection in SYS.DBMS_SQLTUNE_INTERNAL package
Schweregrad: : Crítico
Identificador(es) CVE: : CVE-2006-5338
Data do informe: 21 julho 2015
Descrição
Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5 and 10.2.0.0 has unknown impact and remote authenticated attack vectors related to sys.dbms_sqltune, aka Vuln# DB10. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB10 is for SQL injection in DROP_SQLSET, DELETE_SQLSET, SELECT_SQLSET, and I_SET_TUNING_PARAMETER. NOTE: some of these vectors might be in DBMS_SQLTUNE_INTERNAL.
Exposição das informações
Apply associated Trend Micro DPI Rules.
Solução
Trend Micro Deep Security DPI Rule Number: 1000824
Trend Micro Deep Security DPI Rule Name: 1000824 - Oracle Database Server SQL Injection In Multiple Procedures Of DBMS_SQLTUNE_INTERNAL Package
Software infectado e versão:
- Oracle Oracle10g Database Server 10.1.0.5
- Oracle Oracle10g Database Server 10.2.0.0