Vulnerabilities > CVE-2006-0270 - Multiple vulnerability in Oracle Database Server 10.2.0.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without encryption, which allows local users to obtain the key via the SGA.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Databases |
| NASL id | ORACLE_RDBMS_CPU_JAN_2006.NASL |
| description | The remote Oracle database server is missing the January 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Advanced Queuing - Change Data Capture - Connection Manager - Data Pump - Data Pump Metadata API - Dictionary - Java Net - Net Foundation Layer - Net Listener - Network Communications (RPC) - Oracle HTTP Server - Oracle Label Security - Oracle Text - Oracle Workflow Cartridge - Program Interface Network - Protocol Support - Query Optimizer - Reorganize Objects & Convert Tablespace - Security - Streams Apply - Streams Capture - Streams Subcomponent - TDE Wallet - Upgrade & Downgrade - XML Database |
| last seen | 2020-06-02 |
| modified | 2011-11-16 |
| plugin id | 56051 |
| published | 2011-11-16 |
| reporter | This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/56051 |
| title | Oracle Database Multiple Vulnerabilities (January 2006 CPU) |
Saint
| bid | 16287 |
| description | Oracle XML Component DBMS_XMLSCHEMA.GENERATESCHEMA buffer overflow |
| id | database_oracle_version |
| osvdb | 22567 |
| title | oracle_xml_generateschema |
| type | remote |
References
- http://secunia.com/advisories/18493
- http://secunia.com/advisories/18608
- http://securitytracker.com/id?1015499
- http://www.kb.cert.org/vuls/id/545804
- http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html
- http://www.red-database-security.com/advisory/oracle_tde_unencrypted_sga.html
- http://www.securityfocus.com/archive/1/422262/30/7400/threaded
- http://www.securityfocus.com/bid/16287
- http://www.vupen.com/english/advisories/2006/0243
- http://www.vupen.com/english/advisories/2006/0323
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24186
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24321