le Boundary Error within the MDSYS.MD2 Package
Publish Date: 04 de февраля de 2011
Severity: : High
CVE Kennungen: : CVE-2006-5334
Advisory Date: 04 de февраля de 2011
DESCRIPTION
cve: Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and remote authenticated attack vectors related to mdsys.md2, aka Vuln# DB03. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB03 is related to one or more of (1) a buffer overflow in the (a) RELATE function or (2) SQL injection in the (b) TESSELATE_FIXED and (c) TESSELATE function.
INFORMATION EXPOSURE
Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.
AFFECTED SOFTWARE AND VERSION:
- Oracle Oracle10g Database Server 10.1.0.5
- Oracle Oracle9i Database Server 9.0.1.5
- Oracle Oracle9i Database Server 9.2.0.7