NVD

Id
59284  
Name
CVE-2006-0547  
Description
Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTH_ALTER_SESSION attribute in the authentication phase of the Transparent Network Substrate (TNS) protocol. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB18 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0265.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2016-12-20  
Published
2006-02-03  
Modified Date
2008-09-05  
Seq
2006-0547  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
304744 59284 CVE-2006-0547 20060117 Oracle DBMS - Access Control Bypass in Login  View
304745 59284 CVE-2006-0547 http://www.imperva.com/application_defense_center/papers/oracle-dbms-01172006.html  View
304746 59284 CVE-2006-0547 http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf  View
304747 59284 CVE-2006-0547 VU#871756  View
304748 59284 CVE-2006-0547 http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html  View
304749 59284 CVE-2006-0547 http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html  View
304750 59284 CVE-2006-0547 TA06-018A  View
304751 59284 CVE-2006-0547 oracle-login-command-execute(24184)  View

Related JVN