CVE-2006-5341 - Stuffy Dot

Description

Multiple unspecified vulnerabilities in XMLDB component in Oracle Database 9.2.0.8 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors aka (1) Vuln DB14 and (2) DB15 related to xdb.dbms_xdbz. NOTE: as of 20061023 Oracle has not disputed reports from reliable third parties that DB14 is for SQL injection in the PITRIG_DROP and PITRIG_DROPMETADATA functions in XDB_PITRIG_PKG and DB15 is for SQL injection in DISABLE_HIERARCHY_INTERNAL in DBMS_XDBZ.

Reference

http://www.securityfocus.com/bid/20588 http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.us-cert.gov/cas/techalerts/TA06-291A.html http://securitytracker.com/id?1017077 http://secunia.com/advisories/22396 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.kb.cert.org/vuls/id/318764 http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_xdbz0.html http://www.vupen.com/english/advisories/2006/4065 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/archive/1/449510/100/0/threaded http://www.securityfocus.com/archive/1/449110/100/0/threaded