[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-0270Date: (C)2006-01-18   (M)2023-12-22


Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without encryption, which allows local users to obtain the key via the SGA.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1015499
BID-16287
SECUNIA-18493
SECUNIA-18608
http://www.securityfocus.com/archive/1/422262/30/7400/threaded
ADV-2006-0243
ADV-2006-0323
VU#545804
http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html
http://www.red-database-security.com/advisory/oracle_tde_unencrypted_sga.html
oracle-january2006-update(24321)
oracle-sga-masterkey-plaintext(24186)

CPE    1
cpe:/a:oracle:database_server:10.2.0.1
CWE    1
CWE-310

© SecPod Technologies