Vulnerability Name: | CVE-2006-3705 (CCN-27886) | ||||||||
Assigned: | 2006-07-18 | ||||||||
Published: | 2006-07-18 | ||||||||
Updated: | 2018-10-18 | ||||||||
Summary: | Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade. Note: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB21 is for a local SQL injection vulnerability in SYS.DBMS_STATS, and that DB22 is for SQL injection in SYS.DBMS_UPGRADE. | ||||||||
CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H) | ||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C); 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C); 6.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C) | ||||||||
Vulnerability Type: | CWE-noinfo | ||||||||
Vulnerability Consequences: | Data Manipulation | ||||||||
References: | Source: CCN Type: Full-Disclosure Mailing List, Tue Jul 18 2006 - 16:42:35 CDT Oracle Database - SQL Injection in SYS.DBMS_UPGRADE [DB22] Source: MITRE Type: CNA CVE-2006-3705 Source: FULLDISC Type: UNKNOWN 20060718 Oracle Database - SQL Injection in SYS.DBMS_UPGRADE [DB22] Source: FULLDISC Type: UNKNOWN 20060718 Oracle Database - SQL Injection in SYS.DBMS_STATS [DB21] Source: CCN Type: SA21111 Oracle Products Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 21111 Source: CCN Type: SA21165 HP Oracle for OpenView Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 21165 Source: SREASON Type: UNKNOWN 1251 Source: CCN Type: SECTRACK ID: 1016529 Oracle Database and Other Products Have Multiple Unspecified Vulnerabilities With Unspecified Impact Source: SECTRACK Type: UNKNOWN 1016529 Source: CCN Type: Oracle Web site Oracle Critical Patch Update Advisory - July 2006 Source: CONFIRM Type: UNKNOWN http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html Source: MISC Type: Patch, Vendor Advisory http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html Source: CCN Type: Red-Database-Security Web site Details Oracle Critical Patch Update July 2006 - V1.02 Source: MISC Type: UNKNOWN http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_stats.html Source: MISC Type: UNKNOWN http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_upgrade.html Source: BUGTRAQ Type: UNKNOWN 20060718 Oracle Database - SQL Injection in SYS.DBMS_UPGRADE [DB22] Source: BUGTRAQ Type: UNKNOWN 20060718 Oracle Database - SQL Injection in SYS.DBMS_STATS [DB21] Source: HP Type: UNKNOWN HPSBMA02133 Source: BID Type: Patch 19054 Source: CCN Type: BID-19054 Oracle July 2006 Security Update Multiple Vulnerabilities Source: CCN Type: US-CERT Technical Cyber Security Alert TA06-200A Oracle Products Contain Multiple Vulnerabilities Source: CERT Type: US Government Resource TA06-200A Source: VUPEN Type: Vendor 
Advisory ADV-2006-2863 Source: VUPEN Type: Vendor Advisory ADV-2006-2947 Source: XF Type: UNKNOWN oracle-dbmsupgrade-sql-injection(27886) Source: XF Type: UNKNOWN oracle-dbmsstats-sql-injection(27887) Source: XF Type: UNKNOWN oracle-cpu-july-2006(27897) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: | ||||||||

Vulnerability Name: | CVE-2006-3705 (CCN-27887) | ||||||||
Assigned: | 2006-07-18 | ||||||||
Published: | 2006-07-18 | ||||||||
Updated: | 2006-07-18 | ||||||||
Summary: | Oracle Database 10g is vulnerable to SQL injection in the SYS.DBMS_STATS package (Statistics component). A remote attacker with EXECUTE permissions could send specially-crafted SQL statements to the KOLMOGOROV_SMIRNOV, SHAPIRO_WILKS, ANDERSON_DARLING, CHI_SQUARED_CONTINUOUS, CHI_SQUARED_DISCRETE, SUMMARY, NORMAL_DIST_FIT, UNIFORM_DIST_FIT, POISSON_DIST_FIT, WEIBULL_DIST_FIT or EXPONENTIAL_DIST_FIT procedure, which could allow the attacker to view, add, modify, or delete information in the back-end database. | ||||||||
CVSS v3 Severity: | 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L) | ||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C); 8.7 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C); 5.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C) | ||||||||
Vulnerability Consequences: | Data Manipulation | ||||||||
References: | Source: CCN Type: Full-Disclosure Mailing List, Tue Jul 18 2006 - 16:42:52 CDT Oracle Database - SQL Injection in SYS.DBMS_STATS [DB21] Source: MITRE Type: CNA CVE-2006-3705 Source: CCN Type: SA21111 Oracle Products Multiple Vulnerabilities Source: CCN Type: SA21165 HP Oracle for OpenView Multiple Vulnerabilities Source: CCN Type: SECTRACK ID: 1016529 Oracle Database and Other Products Have Multiple Unspecified Vulnerabilities With Unspecified Impact Source: CCN Type: Oracle Web site Oracle Critical Patch Update Advisory - July 2006 Source: CCN Type: Red-Database-Security Web site Details Oracle Critical Patch Update July 2006 - V1.02 Source: CCN Type: BID-19054 Oracle July 2006 Security Update Multiple Vulnerabilities Source: CCN Type: US-CERT Technical Cyber Security Alert TA06-200A Oracle Products Contain Multiple Vulnerabilities Source: XF Type: UNKNOWN oracle-dbmsstats-sql-injection(27887) | ||||||||
Vulnerable Configuration: | Configuration CCN 1: | ||||||||

Vulnerability Name: | CVE-2006-3705 (CCN-27897) | ||||||||
Assigned: | 2006-07-18 | ||||||||
Published: | 2006-07-18 | ||||||||
Updated: | 2018-10-18 | ||||||||
Summary: | Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade. Note: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB21 is for a local SQL injection vulnerability in SYS.DBMS_STATS, and that DB22 is for SQL injection in SYS.DBMS_UPGRADE. | ||||||||
CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H) | ||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C); 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C); 6.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C) | ||||||||
Vulnerability Type: | CWE-noinfo | ||||||||
Vulnerability Consequences: | Informational | ||||||||
References: | Source: MITRE Type: CNA CVE-2006-3698 Source: MITRE Type: CNA CVE-2006-3699 Source: MITRE Type: CNA CVE-2006-3700 Source: MITRE Type: CNA CVE-2006-3701 Source: MITRE Type: CNA CVE-2006-3702 Source: MITRE Type: CNA CVE-2006-3703 Source: MITRE Type: CNA CVE-2006-3704 Source: MITRE Type: CNA CVE-2006-3705 Source: MITRE Type: CNA CVE-2006-3706 Source: MITRE Type: CNA CVE-2006-3707 Source: MITRE Type: CNA CVE-2006-3708 Source: MITRE Type: CNA CVE-2006-3709 Source: MITRE Type: CNA CVE-2006-3710 Source: MITRE Type: CNA CVE-2006-3711 Source: MITRE Type: CNA CVE-2006-3712 Source: MITRE Type: CNA CVE-2006-3713 Source: MITRE Type: CNA CVE-2006-3714 Source: MITRE Type: CNA CVE-2006-3715 Source: MITRE Type: CNA CVE-2006-3716 Source: MITRE Type: CNA CVE-2006-3717 Source: MITRE Type: CNA CVE-2006-3718 Source: MITRE Type: CNA CVE-2006-3719 Source: MITRE Type: CNA CVE-2006-3720 Source: MITRE Type: CNA CVE-2006-3721 Source: MITRE Type: CNA CVE-2006-3722 Source: MITRE Type: CNA CVE-2006-3723 Source: MITRE Type: CNA CVE-2006-3724 Source: CCN Type: SA21111 Oracle Products Multiple Vulnerabilities Source: CCN Type: SA21165 HP Oracle for OpenView Multiple Vulnerabilities Source: CCN Type: SECTRACK ID: 1016529 Oracle Database and Other Products Have Multiple Unspecified Vulnerabilities With Unspecified Impact Source: CCN Type: US-CERT VU#932124 Oracle DBMS_EXPORT_EXTENSION package vulnerable to SQL injection Source: CCN Type: Oracle Web site Oracle Critical Patch Update Advisory - July 2006 Source: CCN Type: OSVDB ID: 28849 Oracle PeopleSoft Enterprise Portal Authenticated Unspecified Issue (PSE01) Source: CCN Type: OSVDB ID: 28850 Oracle PeopleSoft Enterprise Portal Authenticated Unspecified Issue (PSE02) Source: CCN Type: OSVDB ID: 28851 Oracle PeopleSoft JD Edwards HTML Server Unspecified Issue Source: CCN Type: OSVDB ID: 28852 Oracle Enterprise Manager CORE: Repository HTTP Unspecified Issue Source: CCN Type: OSVDB ID: 28853 Oracle Enterprise Manager Enterprise Config 
Management HTTP Unspecified Issue Source: CCN Type: OSVDB ID: 28854 Oracle Enterprise Manager Management Service HTTP Information Disclosure Source: CCN Type: OSVDB ID: 28855 Oracle Enterprise Manager Management Service HTTP Unspecified Issue Source: CCN Type: OSVDB ID: 28856 Oracle Collaboration Suite Calendar Authenticated HTTP Information Disclosure Source: CCN Type: OSVDB ID: 28857 Oracle E-Business Suite Application Object Library Authenticated HTTP Information Disclosure Source: CCN Type: OSVDB ID: 28858 Oracle E-Business Suite Application Object Library Authenticated HTTP Unspecified Issue Source: CCN Type: OSVDB ID: 28859 Oracle E-Business Suite Application Object Library HTTP Information Disclosure Source: CCN Type: OSVDB ID: 28861 Oracle E-Business Suite Application Object Library Authenticated HTTP Information Disclosure Source: CCN Type: OSVDB ID: 28862 Oracle E-Business Suite Application Object Library Authenticated HTTP Unspecified Complex Issue Source: CCN Type: OSVDB ID: 28863 Oracle E-Business Suite Application Object Library Authenticated HTTP Unspecified Trivial Issue Source: CCN Type: OSVDB ID: 28864 Oracle E-Business Suite Application Object Library Unspecified Local Issue Source: CCN Type: OSVDB ID: 28865 Oracle E-Business Suite Application Object Library HTTP Information Disclosure Source: CCN Type: OSVDB ID: 28866 Oracle E-Business Suite Applications Technology Stack HTTP Unspecified Complex Issue Source: CCN Type: OSVDB ID: 28867 Oracle E-Business Suite Applications Technology Stack HTTP Unspecified Trivial Issue Source: CCN Type: OSVDB ID: 28868 Oracle E-Business Suite Applications Technology Stack HTTP Trivial Information Disclosure Source: CCN Type: OSVDB ID: 28869 Oracle E-Business Suite Internet Expenses Authenticated HTTP Unspecified Issue Source: CCN Type: OSVDB ID: 28870 Oracle E-Business Suite Call Center Technology Information Disclosure Source: CCN Type: OSVDB ID: 28871 Oracle E-Business Suite Common Applications Information 
Disclosure Source: CCN Type: OSVDB ID: 28872 Oracle E-Business Suite Exchange Unauthenticated Information Disclosure Source: CCN Type: OSVDB ID: 28873 Oracle E-Business Suite Exchange Authenticated Information Disclosure Source: CCN Type: OSVDB ID: 28874 Oracle E-Business Suite Self-Service Web Applications icx_ticket Authentication Bypass Source: CCN Type: OSVDB ID: 28875 Oracle E-Business Suite Workflow Cartridge Information Disclosure Source: CCN Type: OSVDB ID: 28876 Oracle E-Business Suite XML Gateway Unspecified Issue Source: CCN Type: OSVDB ID: 28877 Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure (AS01) Source: CCN Type: OSVDB ID: 28878 Oracle Application Server OC4J HTTP Unspecified Authenticated Issue Source: CCN Type: OSVDB ID: 28879 Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure (AS03) Source: CCN Type: OSVDB ID: 28880 Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure (AS04) Source: CCN Type: OSVDB ID: 28881 Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure (AS05) Source: CCN Type: OSVDB ID: 28882 Oracle Application Server OC4J HTTP Unspecified Complex Limited Impact Issue Source: CCN Type: OSVDB ID: 28883 Oracle Application Server OC4J HTTP Trivial DoS Source: CCN Type: OSVDB ID: 28884 Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure Source: CCN Type: OSVDB ID: 28885 Oracle Application Server OC4J HTTP Unspecified Complex Limited Impact Issue Source: CCN Type: OSVDB ID: 28886 Oracle Application Server OC4J HTTP Trivial Information Disclosure Source: CCN Type: OSVDB ID: 28893 Oracle Core RDBMS Nested Tables Unspecified DoS Source: CCN Type: OSVDB ID: 28895 Oracle WebDAV Unspecified HTTP DoS Source: CCN Type: OSVDB ID: 28896 Oracle Oracle Dictionary sys.dbms_ddl Unspecified Issue Source: CCN Type: OSVDB ID: 28898 Oracle InterMedia ordsys.ordimgidxmethods Unspecified Issue Source: CCN Type: 
OSVDB ID: 28906 Oracle ODBC Driver Call Procedure ref Cursor DoS Source: CCN Type: OSVDB ID: 28914 Oracle XMLDB HTTP Unspecified DoS Source: CCN Type: Red-Database-Security Web site Details Oracle Critical Patch Update July 2006 - V1.02 Source: CCN Type: BID-19054 Oracle July 2006 Security Update Multiple Vulnerabilities Source: CCN Type: US-CERT Technical Cyber Security Alert TA06-200A Oracle Products Contain Multiple Vulnerabilities Source: CCN Type: ISS X-Force Database Oracle Database SYS.DBMS_CDC_IMPDP SQL injection Source: XF Type: UNKNOWN oracle-cpu-july2006(27897) | ||||||||