Juniper Networks

Signature Detail


Short Name

DB:ORACLE:SYS:KUPVFT-UNSAFE

Severity

High

Recommended

No

Category

DB

Keywords

Oracle SYS.KUPV Unsafe Command

Release Date

2007/03/05

Update Number

1213

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

DB: Oracle SYS.KUPV Unsafe Command


This signature detects attempts to exploit a known vulnerability in the Oracle Database SYS.KUPV module. A successful attack can lead to arbitrary code execution.

Extended Description

Oracle 10g is prone to multiple SQL-injection vulnerabilities. These issues affect various functions of the 'SYS.KUPV$FT' package. Exploiting these vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. Successful exploitation may allow the attacker to compromise the application, retrieve sensitive information, or modify data; other consequences are possible as well. Oracle 10g Release 1 and prior versions are considered vulnerable to these issues. These issues are part of the vulnerabilities addressed by Oracle in Oracle Critical Patch Update - January 2006. Please see BID 16287 (Oracle January Security Update Multiple Vulnerabilities) for more information.

Affected Products

  • Oracle Oracle10g Application Server 10.1.0 .0.2
  • Oracle Oracle10g Application Server 10.1.0 .0.3
  • Oracle Oracle10g Application Server 10.1.0 .0.3.1
  • Oracle Oracle10g Application Server 10.1.0 .0.4
  • Oracle Oracle10g Application Server 10.1.2
  • Oracle Oracle10g Application Server 10.1.2 .0.1
  • Oracle Oracle10g Application Server 10.1.2 .0.2
  • Oracle Oracle10g Application Server 10.1.2 .1.0
  • Oracle Oracle10g Enterprise Edition 10.1.0 .0.2
  • Oracle Oracle10g Enterprise Edition 10.1.0 .0.3
  • Oracle Oracle10g Enterprise Edition 10.1.0 .0.3.1
  • Oracle Oracle10g Enterprise Edition 10.1.0 .0.4
  • Oracle Oracle10g Personal Edition 10.1.0 .0.2
  • Oracle Oracle10g Personal Edition 10.1.0 .0.3
  • Oracle Oracle10g Personal Edition 10.1.0 .0.3.1
  • Oracle Oracle10g Personal Edition 10.1.0 .0.4
  • Oracle Oracle10g Standard Edition 10.1.0 .0.2
  • Oracle Oracle10g Standard Edition 10.1.0 .0.3
  • Oracle Oracle10g Standard Edition 10.1.0 .0.3.1
  • Oracle Oracle10g Standard Edition 10.1.0 .0.4
  • Oracle Oracle10g Standard Edition 10.1.0 .0.5
  • Oracle Oracle10g Standard Edition 10.1.0 .4.2

References

  • BugTraq: 16294
  • CVE: CVE-2006-0586
  • URL: http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.