DB: Oracle DBMS_METADATA Unsafe Command
This signature detects attempts to exploit a known vulnerability against SYS.DBMS_METADATA package bundled with Oracle Database Server. Attackers can use vulnerable programs (functions and stored procedures) to exploit these functions and inject arbitrary data.
Extended Description
Oracle Database Server is prone to SQL injection in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET standard procedure. This may permit an attacker who can influence the invocation parameters of the stored procedure to compromise the database. This issue was originally disclosed in the "Oracle Critical Patch Update - April 2005" advisory. BID 13139 Oracle Multiple Vulnerabilities describes the issues covered in the Oracle advisory. There is insufficient information at this point in time to associate this vulnerability with an identifier from the Oracle advisory.
Affected Products
Oracle oracle10g_standard_edition
Short Name
DB:ORACLE:DBMS:METADATA-UNSAFE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
DB
Keywords
CVE-2005-1197 Command DBMS_METADATA Oracle Unsafe bid:13234 bid:13238
Release Date
05/03/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Oracle
CVSS Score
7.5