| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.8 | $0-$5k | 0.00 |
Summary
A vulnerability identified as critical has been detected in Oracle Oracle10g 10.1.0.2. This affects an unknown function. This manipulation of the argument SUBSCRIPTION_NAME causes sql injection. This vulnerability is registered as CVE-2005-4832. Remote exploitation of the attack is possible. Furthermore, an exploit is available. It is advised to implement further authentication.
Details
A vulnerability classified as critical was found in Oracle Oracle10g 10.1.0.2. Affected by this vulnerability is some unknown functionality. The manipulation of the argument SUBSCRIPTION_NAME with an unknown input leads to a sql injection vulnerability. The CWE definition for the vulnerability is CWE-89. The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197.
The bug was discovered 04/18/2005. The weakness was published 12/31/2005 with Argeniss (Website). It is possible to read the advisory at oracle.com. This vulnerability is known as CVE-2005-4832 since 03/03/2007. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details and also a public exploit are known. The attack technique deployed by this issue is T1505 according to MITRE ATT&CK.
A public exploit has been developed in Perl. It is possible to download the exploit at securityfocus.com. It is declared as highly functional. We expect the 0-day to have been worth approximately $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 18034 (Oracle Database 10g Multiple Remote Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Databases and running in the context r.
It is possible to mitigate the problem by adding an authentication mechanism. A possible mitigation has been published before and not just after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 3464.
The vulnerability is also documented in the databases at X-Force (20159), Exploit-DB (25452), Tenable (18034), SecurityFocus (BID 13236†) and OSVDB (15553†). Similar entries are available at VDB-1363, VDB-24917, VDB-26558 and VDB-22186. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.oracle.com
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 6.8
VulDB Base Score: 7.3
VulDB Temp Score: 6.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Sql injectionCWE: CWE-89 / CWE-74 / CWE-707
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Highly functional
Programming Language: 🔍
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 18034
Nessus Name: Oracle Database 10g Multiple Remote Vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
MetaSploit ID: dbms_cdc_subscribe_activate_subscription.rb
MetaSploit Name: Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION
MetaSploit File: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: AuthenticationStatus: 🔍
0-Day Time: 🔍
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
Fortigate IPS: 🔍
Timeline
04/12/2005 🔍04/12/2005 🔍
04/12/2005 🔍
04/13/2005 🔍
04/18/2005 🔍
05/08/2005 🔍
12/31/2005 🔍
12/31/2005 🔍
03/03/2007 🔍
03/12/2015 🔍
02/01/2025 🔍
Sources
Vendor: oracle.comAdvisory: oracle.com
Organization: Argeniss
Status: Not defined
Confirmation: 🔍
CVE: CVE-2005-4832 (🔍)
GCVE (CVE): GCVE-0-2005-4832
GCVE (VulDB): GCVE-100-28135
X-Force: 20159
SecurityFocus: 13236 - Oracle 10g Database SUBSCRIPTION_NAME Remote SQL Injection Vulnerability
OSVDB: 15553 - Oracle Database Server SUBSCRIPTION_NAME SQL injection
Vulnerability Center: 7866 - SQL Injection in Oracle Database Server 10g via SUBSCRIPTION_NAME Parameter, High
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 03/12/2015 11:11Updated: 02/01/2025 10:10
Changes: 03/12/2015 11:11 (77), 06/01/2019 09:39 (6), 02/01/2025 10:10 (21)
Complete: 🔍
Cache ID: 216:B14:103
No comments yet. Languages: en.
Please log in to comment.