CVE-2006-0261

Name of the Vulnerable Software and Affected Versions Oracle Database server versions 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5

Description The issue involves unspecified vulnerabilities in the Oracle Database server, affecting the Dictionary and Oracle Label Security components. It is reported that one of the vulnerabilities, DB07, involves the plaintext storage of the TDE wallet password in a trace file by event 10053.

Recommendations For Oracle Database server version 8.1.7.4, update to a version that addresses the storage of sensitive information in plaintext. For Oracle Database server version 9.0.1.5, update to a version that addresses the storage of sensitive information in plaintext. For Oracle Database server version 9.2.0.7, update to a version that addresses the storage of sensitive information in plaintext. For Oracle Database server version 10.1.0.5, update to a version that addresses the storage of sensitive information in plaintext. As a temporary workaround, consider restricting access to the trace files generated by event 10053 to minimize the risk of exploitation.