CVE-2006-1876 - OpenCVE

Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB12. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the (1) GEN_RID_RANGE_BY_AREA and (2) GEN_RID_RANGE functions in the MDSYS.SDO_PRIDX package.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oracle	Database Server

Configuration 1 [-]

OR	cpe:2.3:a:oracle:database_server:9.2.0.7:::::::*
	cpe:2.3:a:oracle:database_server:10.1.0.4:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/19712
http://secunia.com/advisories/19859
http://securitytracker.com/id?1015961
http://www.kb.cert.org/vuls/id/240249
http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html
http://www.red-database-security.com/advisory/oracle_cpu_apr_2006.html
http://www.securityfocus.com/archive/1/432267/100/0/threaded
http://www.securityfocus.com/bid/17590
http://www.vupen.com/english/advisories/2006/1397
http://www.vupen.com/english/advisories/2006/1571
https://exchange.xforce.ibmcloud.com/vulnerabilities/26051

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-04-20T10:00:00

Updated: 2024-08-07T17:27:29.451Z

Reserved: 2006-04-20T00:00:00

Link: CVE-2006-1876

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-04-20T10:02:00.000

Modified: 2018-10-18T16:37:03.613

Link: CVE-2006-1876

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-04-19T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB12. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the (1) GEN_RID_RANGE_BY_AREA and (2) GEN_RID_RANGE functions in the MDSYS.SDO_PRIDX package."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "19712", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19712"}, {"name": "oracle-sdopridx-sql-injection(26051)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26051"}, {"name": "19859", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19859"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html"}, {"name": "VU#240249", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/240249"}, {"name": "ADV-2006-1571", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1571"}, {"name": "17590", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17590"}, {"name": "SSRT061148", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2006.html"}, {"name": "ADV-2006-1397", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1397"}, {"name": "HPSBMA02113", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded"}, {"name": "1015961", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015961"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1876", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB12. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the (1) GEN_RID_RANGE_BY_AREA and (2) GEN_RID_RANGE functions in the MDSYS.SDO_PRIDX package."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "19712", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19712"}, {"name": "oracle-sdopridx-sql-injection(26051)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26051"}, {"name": "19859", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19859"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html"}, {"name": "VU#240249", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/240249"}, {"name": "ADV-2006-1571", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1571"}, {"name": "17590", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17590"}, {"name": "SSRT061148", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded"}, {"name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2006.html", "refsource": "MISC", "url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2006.html"}, {"name": "ADV-2006-1397", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1397"}, {"name": "HPSBMA02113", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded"}, {"name": "1015961", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015961"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:27:29.451Z"}, "title": "CVE Program Container", "references": [{"name": "19712", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19712"}, {"name": "oracle-sdopridx-sql-injection(26051)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26051"}, {"name": "19859", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19859"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html"}, {"name": "VU#240249", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/240249"}, {"name": "ADV-2006-1571", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1571"}, {"name": "17590", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17590"}, {"name": "SSRT061148", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2006.html"}, {"name": "ADV-2006-1397", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1397"}, {"name": "HPSBMA02113", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded"}, {"name": "1015961", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015961"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1876", "datePublished": "2006-04-20T10:00:00", "dateReserved": "2006-04-20T00:00:00", "dateUpdated": "2024-08-07T17:27:29.451Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:database_server:9.2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F7847CEB-DD8D-45A0-B500-95D511110FB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:database_server:10.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F21B42DF-71DC-4FC4-8050-CFF7A3B641E5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB12. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the (1) GEN_RID_RANGE_BY_AREA and (2) GEN_RID_RANGE functions in the MDSYS.SDO_PRIDX package."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Oracle Database Server 9.2.0.7 and 10.1.0.4 tiene impacto y vectores de ataque desconocidos en el componente Oracle Spatial, tcc Vuln# DB12. NOTA: no hay detalles disponibles de Oracle, pero desde 20060521, no han disputado p\u00fablicamente una queja de un investigador independiente fiable que afirma que el problema es inyecci\u00f3n de SQL en las funciones (1) GEN_RID_RANGE_BY_AREA y (2) GEN_RID_RANGE en el paquete MDSYS.SDO_PRIDX.\r\n"}], "id": "CVE-2006-1876", "lastModified": "2018-10-18T16:37:03.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-04-20T10:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19712"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19859"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://securitytracker.com/id?1015961"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/240249"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html"}, {"source": "cve@mitre.org", "url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2006.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432267/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/17590"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/1397"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/1571"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26051"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}