Oracle Database Server SQL Injection In CONVERT_TO_LRS_LAYER Procedures Of MDSYS.SDO_LRS Package
Publish Date: 21 Juli 2015
Schweregrad:: Hoch
CVE Kennungen:: CVE-2006-5340
Hinweisdatum: 21 Juli 2015
Beschreibung
Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB13 is related to bypassing input validation for SQL injection related to convert_to_lrs_layer and dbms_assert, and DB17 is related to SQL injection in the trigger in the SDO_DROP_USER package.
Trend Micro Lösungen
Apply associated Trend Micro DPI Rules.
Lösungen
Trend Micro Deep Security DPI Rule Number: 1000823
Trend Micro Deep Security DPI Rule Name: 1000823 - Oracle Database Server SQL Injection In CONVERT_TO_LRS_LAYER Procedure Of MDSYS.SDO_LRS Package
Betroffene Software und Version:
- Oracle Oracle10g Database Server 10.1.0.5
- Oracle Oracle10g Database Server 10.2.0.2
- Oracle Oracle8i Database Server 8.1.7.4
- Oracle Oracle9i Database Server 9.0.1.5
- Oracle Oracle9i Database Server 9.2.0.7