PT-2006-6054 · Oracle · Oracle Database

Published: 2006-10-18 · Updated: 2018-10-17 · CVE-2006-5334

CVSS v2.0: 7.1 High

Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Oracle Database versions 9.0.1.5, 9.2.0.7, and 10.1.0.5

Description

The issue concerns an unspecified vulnerability in the Oracle Spatial component, related to mdsys.md2. It has remote authenticated attack vectors and unknown impact. There are reports suggesting it may be related to either a buffer overflow in the RELATE function or SQL injection in the TESSELATE FIXED and TESSELATE functions.

Recommendations

For Oracle Database version 9.0.1.5, consider restricting access to the mdsys.md2 component until a fix is available. For Oracle Database version 9.2.0.7, consider disabling the RELATE function as a temporary workaround. For Oracle Database version 10.1.0.5, avoid using the TESSELATE FIXED and TESSELATE functions until the issue is resolved.

Fix


Related Identifiers

CVE-2006-5334

Affected Products

Oracle Database