Oracle Database Server Buffer Overflow in SDO_CS package
Publish Date: 21 de июля de 2015
Severity: : Critical
CVE Kennungen: : CVE-2006-5344
Advisory Date: 21 de июля de 2015
DESCRIPTION
Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_3gl, aka Vuln# DB20, and (2) mdsys.sdo_cs, aka DB21. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB20 is a buffer overflow in GEOM_OPERATION, and DB21 is related to a buffer overflow and SQL injection in TRANSFORM_LAYER.
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1000825
Trend Micro Deep Security DPI Rule Name: 1000825 - Oracle Database Server Buffer Overflow In MDSYS.SDO_CS package
AFFECTED SOFTWARE AND VERSION:
- Oracle Oracle Database Server 8.1.7.4
- Oracle Oracle Database Server 9.0.1.5
- Oracle Oracle Database Server 9.2.0.7
- Oracle Oracle10g Database Server 10.1.0.4