CVE-2006-7067

Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was retracted. NOTE: this issue was called an "integer overflow" in the original source, but this might be incorrect.

CVSS v2.0 6.0 MEDIUM

6.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:H/Au:S/C:C/I:C/A:C

Exploitability : 1.5 / Impact : 10.0

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048251.html	Exploit
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048292.html
http://securityreason.com/securityalert/2328
http://www.securityfocus.com/archive/1/441345/100/0/threaded
http://www.securityfocus.com/archive/1/441477/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:database_server:10.2.1:r2:*:*:*:*:*:*

History

No history.

Information

Published : 2007-03-02 21:18

Updated : 2023-12-10 10:40

NVD link : CVE-2006-7067

Mitre link : CVE-2006-7067

CVE.ORG link : CVE-2006-7067

JSON object : View

Products Affected

oracle

database_server

CWE

NVD-CWE-Other

{"id": "CVE-2006-7067", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": true, "exploitabilityScore": 1.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-03-02T21:18:00.000", "references": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048251.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048292.html", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2328", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/441345/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/441477/100/0/threaded", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an \"alter session set events\" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was retracted. NOTE: this issue was called an \"integer overflow\" in the original source, but this might be incorrect."}, {"lang": "es", "value": "Oracle 10g R2 y posiblemente otras versiones permite a atacantes remotos disparar errores internos, y posiblemente tener otros impactos, mediante un comando para \"alterar eventos de establecimiento de sesi\u00f3n\" con argumentos inv\u00e1lidos. NOTA: este problema fue originalmente impugnado por una tercera parte, pero la impugnaci\u00f3n fue retirada. NOTA: este problema fue calificado como \"desbordamiento de entero\" en la fuente original, pero podr\u00eda ser incorrecto."}], "lastModified": "2018-10-16T16:29:23.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:database_server:10.2.1:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABF498E5-F7DF-41F4-BC47-AB66E69BC89F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}