Vulnerabilities > CVE-2006-5345 - Multiple vulnerability in Oracle Database Server 10.1.0.4/9.0.1.5/9.2.0.7
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB22. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB22 is related to "length checking" in the RELATE function before MD2.RELATE is called.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Nessus
NASL family | Databases |
NASL id | ORACLE_RDBMS_CPU_OCT_2006.NASL |
description | The remote Oracle database server is missing the October 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Change Data Capture (CDC) - Core RDBMS - Database Scheduler - Oracle Spatial - XMLDB |
last seen | 2020-06-02 |
modified | 2011-11-16 |
plugin id | 56054 |
published | 2011-11-16 |
reporter | This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/56054 |
title | Oracle Database Multiple Vulnerabilities (October 2006 CPU) |
code |
|
Saint
bid | 20588 |
description | Oracle Spatial component SDO_CS.TRANSFORM_LAYER buffer overflow |
id | database_oracle_version |
osvdb | 31462 |
title | oracle_spatial_transform_layer |
type | remote |
References
- http://secunia.com/advisories/22396
- http://securitytracker.com/id?1017077
- http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf
- http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html
- http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html
- http://www.securityfocus.com/archive/1/449110/100/0/threaded
- http://www.securityfocus.com/archive/1/449711/100/0/threaded
- http://www.securityfocus.com/bid/20588
- http://www.us-cert.gov/cas/techalerts/TA06-291A.html
- http://www.vupen.com/english/advisories/2006/4065