PT-2006-1333 · Oracle · Oracle Database Server
Alexander Kornbrust
Published: 2006-01-18
Updated: 2017-07-20
CVE-2006-0258
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Oracle Database server versions 8.1.7.4 and 9.0.1.5
Description
The issue allows remote attackers to bypass security restrictions, execute arbitrary SQL commands, and gain access to sensitive data. The Connection Manager component is affected, but specific details about the impact and attack vectors are not provided.
Recommendations
For Oracle Database server version 8.1.7.4, update to a version that addresses the security restrictions bypass and arbitrary SQL command execution issues.
For Oracle Database server version 9.0.1.5, update to a version that addresses the security restrictions bypass and arbitrary SQL command execution issues.
As a temporary workaround, consider restricting access to sensitive data and limiting the execution of SQL commands until a patch is available.
Fix
Related Identifiers
Affected Products
Oracle Database
Oracle Database Server