Vulnerability Name:

CVE-2006-0586 (CCN-24195)

Assigned:2006-01-18
Published:2006-01-18
Updated:2018-10-19
Summary:Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package.
Note: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues has been addressed by Oracle. It is unclear which, if any, Oracle Vuln# identifiers apply to these issues.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-89
Vulnerability Consequences:Data Manipulation
References:Source: CCN
Type: Full-Disclosure Mailing List, Tue Jan 17 2006 - 18:04:03 CST
Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT

Source: MITRE
Type: CNA
CVE-2006-0586

Source: FULLDISC
Type: Vendor Advisory
20060118 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT

Source: FULLDISC
Type: Vendor Advisory
20060118 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT

Source: CCN
Type: Oracle Web site
Oracle Critical Patch Update Advisory - January 2006

Source: OSVDB
Type: UNKNOWN
22839

Source: OSVDB
Type: UNKNOWN
22840

Source: CCN
Type: OSVDB ID: 22839
Oracle Database SYS.KUPV$FT Multiple Function SQL Injection

Source: CCN
Type: OSVDB ID: 22840
Oracle Database SYS.KUPV$FT_INT Multiple Function SQL Injection

Source: MISC
Type: Vendor Advisory
http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html

Source: CCN
Type: Red-Database-Security Advisory 17 Jan 2006 (V 1.00)
SQL Injection in package SYS.KUPV$FT

Source: MISC
Type: Vendor Advisory
http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft.html

Source: MISC
Type: Vendor Advisory
http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft_int.html

Source: BUGTRAQ
Type: UNKNOWN
20060117 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT

Source: BUGTRAQ
Type: UNKNOWN
20060117 Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT

Source: BID
Type: UNKNOWN
16294

Source: CCN
Type: BID-16294
Oracle Database SYS.KUPV$FT Multiple SQL Injection Vulnerabilities

Source: XF
Type: UNKNOWN
oracle-syskupv$ft-sql-injection(24195)

Source: XF
Type: UNKNOWN
oracle-syskupv$ft-sql-injection(24195)

Source: XF
Type: UNKNOWN
oracle-syskupv$ftint-sql-injection(24197)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:application_server:10.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:enterprise_10.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:enterprise_10.1.0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:enterprise_10.1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:personal_10.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:personal_10.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:personal_10.1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:personal_10.10.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:standard_10.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:standard_10.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:standard_10.1.0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:standard_10.1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:standard_10.1.0.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:standard_10.1.0.5:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:oracle:database_server:10.1.0.3:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.4:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.4.2:r1:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2006-0586 (CCN-24197)

    Assigned:2006-01-18
    Published:2006-01-18
    Updated:2006-01-18
    Summary:Oracle 10g is vulnerable to multiple SQL injection attacks in the SYS.KUPV$FT_INT package. A remote attacker could send specially-crafted SQL statements to the UPDATE_JOB, ACTIVE_JOB, ATTACH_POSSIBLE, ATTACH_TO_JOB, CREATE_NEW_JOB, DELETE_JOB, DELETE_MASTER_TABLE, DETACH_JOB, GET_JOB_INFO, GET_JOB_QUEUES, GET_SOLE_JOBNAME, MASTER_TBL_LOCK, or VALID_HANDLE function using various parameters, which could allow the attacker to add, modify, or delete information in the back-end database.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    6.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Consequences:Data Manipulation
    References:Source: CCN
    Type: Full-Disclosure Mailing List, Tue Jan 17 2006 - 18:04:00 CST
    Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT

    Source: MITRE
    Type: CNA
    CVE-2006-0586

    Source: CCN
    Type: Oracle Web site
    Oracle Critical Patch Update Advisory - January 2006

    Source: CCN
    Type: OSVDB ID: 22839
    Oracle Database SYS.KUPV$FT Multiple Function SQL Injection

    Source: CCN
    Type: OSVDB ID: 22840
    Oracle Database SYS.KUPV$FT_INT Multiple Function SQL Injection

    Source: CCN
    Type: Red-Database-Security Advisory 17 Jan 2006 (V 1.00)
    SQL Injection in package SYS.KUPV$FT_INT

    Source: CCN
    Type: BID-16294
    Oracle Database SYS.KUPV$FT Multiple SQL Injection Vulnerabilities

    Source: XF
    Type: UNKNOWN
    oracle-syskupvftint-sql-injection(24197)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:oracle:database_server:10.1.0.3:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.4:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.4.2:r1:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    oracle application server 10.1.0.2
    oracle application server 10.1.0.3
    oracle application server 10.1.0.3.1
    oracle application server 10.1.0.4
    oracle application server 10.1.2
    oracle application server 10.1.2.0.1
    oracle application server 10.1.2.0.2
    oracle application server 10.1.2.1.0
    oracle oracle10g enterprise_10.1.0.2
    oracle oracle10g enterprise_10.1.0.3
    oracle oracle10g enterprise_10.1.0.3.1
    oracle oracle10g enterprise_10.1.0.4
    oracle oracle10g personal_10.1.0.2
    oracle oracle10g personal_10.1.0.3
    oracle oracle10g personal_10.1.0.4
    oracle oracle10g personal_10.10.3.1
    oracle oracle10g standard_10.1.0.2
    oracle oracle10g standard_10.1.0.3
    oracle oracle10g standard_10.1.0.3.1
    oracle oracle10g standard_10.1.0.4
    oracle oracle10g standard_10.1.0.4.2
    oracle oracle10g standard_10.1.0.5
    oracle database server 10.1.0.3 r1
    oracle database server 10.1.0.4 r1
    oracle database server 10.1.0.5 r1
    oracle database server 10.1.0.4.2 r1
    oracle database server 10.1.0.3 r1
    oracle database server 10.1.0.4 r1
    oracle database server 10.1.0.5 r1
    oracle database server 10.1.0.4.2 r1