ID CVE-2006-5340
Summary Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB13 is related to bypassing input validation for SQL injection related to convert_to_lrs_layer and dbms_assert, and DB17 is related to SQL injection in the trigger in the SDO_DROP_USER package.
References
Vulnerable Configurations
  • Oracle Database Server 8.1.7.4
    cpe:2.3:a:oracle:database_server:8.1.7.4
  • Oracle Database Server 9.0.1.5
    cpe:2.3:a:oracle:database_server:9.0.1.5
  • cpe:2.3:a:oracle:database_server:9.2.0.7
  • Oracle Database Server 10g 10.1.0.5
    cpe:2.3:a:oracle:database_server:10.1.0.5
  • Oracle Database Server 10g 10.2.0.2
    cpe:2.3:a:oracle:database_server:10.2.0.2
CVSS
Base: 7.1 (as of 24-06-2016 - 15:09)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
NASL family Databases
NASL id ORACLE_RDBMS_CPU_OCT_2006.NASL
description The remote Oracle database server is missing the October 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Change Data Capture (CDC) - Core RDBMS - Database Scheduler - Oracle Spatial - XMLDB
last seen 2019-02-21
modified 2018-11-15
plugin id 56054
published 2011-11-16
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=56054
title Oracle Database Multiple Vulnerabilities (October 2006 CPU)
refmap via4
bid 20588
bugtraq
  • 20060726 Bypassing Oracle dbms_assert
  • 20060726 Re: Bypassing Oracle dbms_assert
  • 20061018 Analysis of the Oracle October 2006 Critical Patch Update
  • 20061023 SQL Injection in Oracle package MDSYS.SDO_LRS
cert TA06-291A
cert-vn VU#869292
confirm http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html
hp
  • HPSBMA02133
  • SSRT061201
misc
sectrack 1017077
secunia 22396
vupen ADV-2006-4065
saint via4
bid 20588
description Oracle Spatial component SDO_CS.TRANSFORM_LAYER buffer overflow
id database_oracle_version
osvdb 31462
title oracle_spatial_transform_layer
type remote
Last major update 29-04-2016 - 21:59
Published 17-10-2006 - 21:07
Last modified 17-10-2018 - 17:42
Back to Top