Oracle Database Server SQL Injection in SYS.DBMS_SQLTUNE_INTERNAL package
2015年7月21日
危険度: : 緊急
CVE識別番号: CVE-2006-5338
概要
Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5 and 10.2.0.0 has unknown impact and remote authenticated attack vectors related to sys.dbms_sqltune, aka Vuln# DB10. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB10 is for SQL injection in DROP_SQLSET, DELETE_SQLSET, SELECT_SQLSET, and I_SET_TUNING_PARAMETER. NOTE: some of these vectors might be in DBMS_SQLTUNE_INTERNAL.
トレンドマイクロの対策
Apply associated Trend Micro DPI Rules.
対応方法
Trend Micro Deep Security DPI Rule Number: 1000824
Trend Micro Deep Security DPI Rule Name: 1000824 - Oracle Database Server SQL Injection In Multiple Procedures Of DBMS_SQLTUNE_INTERNAL Package
影響を受けるソフトウェア
- Oracle Oracle10g Database Server 10.1.0.5
- Oracle Oracle10g Database Server 10.2.0.0