Vulnerability Details CVE-2006-5339
Unspecified vulnerability in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB11. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB11 is related to "length checking" in the RELATE function before MD2.RELATE is called.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.05
EPSS Ranking 89.1%
CVSS Severity
CVSS v2 Score 9.0
References
- http://secunia.com/advisories/22396
- http://securitytracker.com/id?1017077
- http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf
- http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html
- http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html
- http://www.securityfocus.com/archive/1/449110/100/0/threaded
- http://www.securityfocus.com/archive/1/449711/100/0/threaded
- http://www.securityfocus.com/archive/1/449711/100/0/threaded
- http://www.securityfocus.com/bid/20588
- http://www.us-cert.gov/cas/techalerts/TA06-291A.html
- http://www.vupen.com/english/advisories/2006/4065
- http://secunia.com/advisories/22396
- http://securitytracker.com/id?1017077
- http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf
- http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html
- http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html
- http://www.securityfocus.com/archive/1/449110/100/0/threaded
- http://www.securityfocus.com/archive/1/449711/100/0/threaded
- http://www.securityfocus.com/archive/1/449711/100/0/threaded
- http://www.securityfocus.com/bid/20588
- http://www.us-cert.gov/cas/techalerts/TA06-291A.html
- http://www.vupen.com/english/advisories/2006/4065
Products affected by CVE-2006-5339
-
cpe:2.3:a:oracle:database_server:10.1.0.4
-
cpe:2.3:a:oracle:database_server:8.1.7.4
-
cpe:2.3:a:oracle:database_server:9.0.1.5
-
cpe:2.3:a:oracle:database_server:9.2.0.7