|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
|
Description |
Oracle Database Server contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the DBMS_METADATA_INT package not properly sanitizing user-supplied input to the MAKE_FILTER, FETCH_VIEWS_ERROR, FETCH_FILTERS, FETCH_VIEWS, SET_FILTER_COMMON, DO_FILTER_SCRIPT, SET_TABLE_FILTERS, or MAKE_FILTER_TEXT procedure. This may allow an attacker to inject or manipulate SQL queries in the backend database.
|
|
Classification |
Location:
Local Access Required,
Remote/Network Access Required
Attack Type:
Information Disclosure,
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified,
Vendor Verified
OSVDB:
Web Related
|
|
Solution |
Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch (Jan2006 Critical Patch Update) to address this vulnerability.
|
|
Products |
|
Database 10g Release 2
 |
10.2.0.1 |
Database 10g Release 1
|
10.1.0.3 |
10.1.0.4 |
10.1.0.5 |
10.1.0.4.2 |
9i Database Release 2
|
9.2.0.6 |
9.2.0.7 |
8i Database Release 3
|
8.1.7.4 |
9i Database Release 1
|
9.0.1.4 |
9.0.1.5 |
9.0.1.5 FIPS |
8 Database Release 8.0.6
|
8.0.6.3 |
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
