CVE-2006-5344
https://notcve.org/view.php?id=CVE-2006-5344
Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_3gl, aka Vuln# DB20, and (2) mdsys.sdo_cs, aka DB21. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB20 is a buffer overflow in GEOM_OPERATION, and DB21 is related to a buffer overflow and SQL injection in TRANSFORM_LAYER. Múltiples vulnerabilidades no especificadas en el componente Oracle Spatial en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, y 10.1.0.4 tienen impacto y vectores de ataque remotos autenticados desconocidos relacionados con (1) mdsys.sdo_3gl, también conocido como Vuln# DB20, y (2) mdsys.sdo_cs, también conocido como DB21. NOTA: a fecha de 23/10/2006, Oracle no ha negado los informes de terceras partes fiables de que DB20 es un desbordamiento de búfer en GEOM_OPERATION, y DB21 está relacionado con un desbordamiento de búfer e inyección de SQL en TRANSFORM_LAYER. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •
CVE-2006-5345
https://notcve.org/view.php?id=CVE-2006-5345
Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB22. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB22 is related to "length checking" in the RELATE function before MD2.RELATE is called. Vulnerabilidad no especificada en el componente Oracle Spatial en Oracle Database 9.0.1.5, 9.2.0.7, y 10.1.0.4 tiene impacto y vectores de ataque remotos autenticados desconocidos relacionados con mdsys.sdo_geom, también conocido como Vuln# DB22. NOTA: a fecha de 23/10/2006, Oracle no ha impugnado los informes de una tercera parte fiable de que DB22 está relacionado con la "comprobación de longitud" en la función RELATE anterior a que se llame a MD2.RELATE. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •
CVE-2006-5337
https://notcve.org/view.php?id=CVE-2006-5337
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 has unknown impact and remote authenticated attack vectors, aka Vuln# DB09. Vulnerabilidad no especificada en el componente Core RDBMS en Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5 y 10.2.0.2 tiene impacto y vectores de ataque autenticado remoto desconocidos, también conocida como Vuln# DB09. • http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.securityfocus.com/archive/1/449110/100/0/threaded http://www.securityfocus.com/archive/1/449711/100/0/threaded http://www.securityfocus.com/bid/20588 http://www.us-cert.gov/cas/techalerts/ •
CVE-2006-5340
https://notcve.org/view.php?id=CVE-2006-5340
Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB13 is related to bypassing input validation for SQL injection related to convert_to_lrs_layer and dbms_assert, and DB17 is related to SQL injection in the trigger in the SDO_DROP_USER package. Múltiples vulnerabilidades no especificadas en el componente Oracle Spatial en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5 y 10.2.0.2 tiene impacto y vectores de ataque remoto autenticado remoto relacionado con (1) mdsys.sdo_lrs, también conocida como Vuln# DB13 y (2) Vuln# DB17. NOTA: a partir de 20061023, Oracle no ha disputado informes de terceras partes confiables sobre que DB13 está relacionado con eludir la validación de entrada para inyección SQL relacionada con convert_to_lrs_layer y dbms_assert y DB17 está relacionado con inyección SQL en el disparador en el paquete SDO_DROP_USER. • http://archive.cert.uni-stuttgart.de/archive/bugtraq/2006/07/msg00489.html http://archive.cert.uni-stuttgart.de/archive/bugtraq/2006/07/msg00500.html http://secunia.com/advisories/22396 http://securitytracker.com/id?1017077 http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf http://www.kb.cert.org/vuls/id/869292 http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www. •
CVE-2006-3702
https://notcve.org/view.php?id=CVE-2006-3702
Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI; (10) DB16 for Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, and (16) DBC04 for RPC; and (17) DB20 for Semantic Analysis. NOTE: as of 20060719, Oracle has not disputed third party claims that DB06 is related to "SQL injection" using DBMS_EXPORT_EXTENSION with a modified ODCIIndexGetMetadata routine and a call to GET_DOMAIN_INDEX_METADATA, in which case DB06 might be CVE-2006-2081. Múltiples vulnerabilidades no especificadas en Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, y 10.2.0.2 tienen un impacto desconocido y vectores de ataque, también conocido como Oracle Vuln# (1) DB06 en Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 para Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, y (16) DBC04 para RPC; y(17) DB20 para Semantic Analysis. NOTA: en fecha 20060719, Oracle no ha disputado a terceros que DB06 está relacionado con la “inyección SQL” utilizando DBMS_EXPORT_EXTENSION con una rutina ODCIIndexGetMetadata y una llamada a GET_DOMAIN_INDEX_METADATA, en cuyo caso DB06 podría estar CVE-2006-2081. • http://secunia.com/advisories/21111 http://secunia.com/advisories/21165 http://securitytracker.com/id?1016529 http://www.kb.cert.org/vuls/id/932124 http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html http://www.red-database-security.com/exploits/oracle-sql-injection-oracle-dbms_export_extension.html http://www.securityfocus.com/archive/1/440758/100/100/threaded http://www.securityfocus.com/bid •