Vulnerabilities > CVE-2006-5344 - Multiple vulnerability in Oracle October 2006 Security Update
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_3gl, aka Vuln# DB20, and (2) mdsys.sdo_cs, aka DB21. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB20 is a buffer overflow in GEOM_OPERATION, and DB21 is related to a buffer overflow and SQL injection in TRANSFORM_LAYER.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Nessus
NASL family | Databases |
NASL id | ORACLE_RDBMS_CPU_OCT_2006.NASL |
description | The remote Oracle database server is missing the October 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Change Data Capture (CDC) - Core RDBMS - Database Scheduler - Oracle Spatial - XMLDB |
last seen | 2020-06-02 |
modified | 2011-11-16 |
plugin id | 56054 |
published | 2011-11-16 |
reporter | This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/56054 |
title | Oracle Database Multiple Vulnerabilities (October 2006 CPU) |
code |
|
Saint
bid | 20588 |
description | Oracle Spatial component SDO_CS.TRANSFORM_LAYER buffer overflow |
id | database_oracle_version |
osvdb | 31462 |
title | oracle_spatial_transform_layer |
type | remote |
References
- http://secunia.com/advisories/22396
- http://securitytracker.com/id?1017077
- http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf
- http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html
- http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html
- http://www.securityfocus.com/archive/1/449110/100/0/threaded
- http://www.securityfocus.com/archive/1/449711/100/0/threaded
- http://www.securityfocus.com/bid/20588
- http://www.us-cert.gov/cas/techalerts/TA06-291A.html
- http://www.vupen.com/english/advisories/2006/4065