CVE-2006-5333 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-5333
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-5333

Description: Unspecified vulnerability in Oracle Spatial component in Oracle Database 10.2.0.2 has unknown impact and remote authenticated attack vectors related to "create session" and "create procedure" privileges, aka Vuln# DB02. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB02 is for SQL injection in the SDO_DROP_USER_BEFORE package using a Trigger for a DROP USER statement in an anonymous PL/SQL block.

CVE Status: Candidate

References: ST 1017077 SAID Secunia Advisory: SA22396 MISC http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf HP http://www.securityfocus.com/archive/1/archive/1/449711/100/0/threaded CONFIRM http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html CERT http://www.us-cert.gov/cas/techalerts/TA06-291A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/449110/100/0/threaded BID 20588

Return to the previous page.