Intrusion Prevention

Oracle.DBMS_EXPORT_EXTENSION.SQL.Injection

Description

This indicates an attempt to exploit a privilege escalation vulnerability in Oracle Database Server product. The vulnerability is caused by an error that occurs when the vulnerable software handles a malicious SQL command. It allows a remote attacker to execute arbitrary SQL commands in the database system.

Affected Products

Oracle Database version 10g Release 1 10.1.0.5
Oracle Database version 10g Release 2 10.2.0.2
Oracle8i Database version Release 3 8.1.7.4
Oracle9i Database version Release 1 9.0.1.5
Oracle9i Database version Release 2 9.2.0.7

Impact

Data Manipulation.

Recommended Actions

Apply the patch for your system:
http://www.oracle.com/technology/deploy/security/pdf/cpuapr2006.html.

CVE References

CVE-2006-2081