CVE-2006-7067

Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was retracted. NOTE: this issue was called an "integer overflow" in the original source, but this might be incorrect.

Published: Mar 2, 2007
Updated: Apr 13, 2023
CVE: CVE-2006-7067
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6
AV:L/AC:H/Au:S/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / database_server	10.2.1-r2	10.2.1-r2.x

http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048251.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048292.html
http://securityreason.com/securityalert/2328
http://www.securityfocus.com/archive/1/441345/100/0/threaded
http://www.securityfocus.com/archive/1/441477/100/0/threaded

Vulnerability Database

289,689

CVE-2006-7067