CVE-2006-0270

Name of the Vulnerable Software and Affected Versions Oracle Database server version 10.2.0.1

Description The issue concerns the Transparent Data Encryption (TDE) Wallet component. It is reported that the TDE stores the master key without encryption, allowing local users to obtain the key via the SGA. This could potentially have significant impact, although the specifics of the attack vectors and the full extent of the impact are not detailed.

Recommendations For Oracle Database server version 10.2.0.1, consider restricting access to the TDE Wallet component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.