Vulnerability Name:

CVE-2006-0261 (CCN-24168)

Assigned:2006-01-17
Published:2006-01-17
Updated:2018-10-19
Summary:Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB07 in the Dictionary component and (2) DB14 in the Oracle Label Security component.
Note: Oracle has not disputed reliable researcher claims that DB07 involves plaintext storage of the TDE wallet password in a trace file by event 10053.
CVSS v3 Severity:2.8 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.7 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availability (A): 
1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N)
1.5 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availability (A): 
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: Full-Disclosure Mailing List, Tue Jan 17 2006 - 14:53:53 CST
Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext

Source: MITRE
Type: CNA
CVE-2006-0261

Source: CCN
Type: SA18493
Oracle Products Multiple Vulnerabilities and Security Issues

Source: SECUNIA
Type: Vendor Advisory
18493

Source: CCN
Type: SA18608
HP Oracle for Openview Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
18608

Source: CCN
Type: SECTRACK ID: 1015499
Oracle Database and Other Products Have Multiple Unspecified Vulnerabilities With Unspecified Impact

Source: SECTRACK
Type: UNKNOWN
1015499

Source: CCN
Type: US-CERT VU#545804
Oracle products contain multiple vulnerabilities

Source: CERT-VN
Type: US Government Resource
VU#545804

Source: CCN
Type: Oracle Web site
Oracle Critical Patch Update Advisory - January 2006

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html

Source: MISC
Type: UNKNOWN
http://www.red-database-security.com/advisory/oracle_tde_wallet_password.html

Source: BUGTRAQ
Type: UNKNOWN
20060117 Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext

Source: BID
Type: UNKNOWN
16287

Source: CCN
Type: BID-16287
Oracle January Security Update Multiple Vulnerabilities

Source: VUPEN
Type: Vendor Advisory
ADV-2006-0243

Source: VUPEN
Type: Vendor Advisory
ADV-2006-0323

Source: XF
Type: UNKNOWN
oracle-masterkey-plaintext(24168)

Source: XF
Type: UNKNOWN
oracle-january2006-update(24321)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.0.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.0.1.5:*:fips:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:oracle:database_server:9.2.0.6:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.3:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.4:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.7:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.1.7.4:r3:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2006-0261 (CCN-24321)

    Assigned:2006-01-17
    Published:2006-01-17
    Updated:2018-10-19
    Summary:Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB07 in the Dictionary component and (2) DB14 in the Oracle Label Security component.
    Note: Oracle has not disputed reliable researcher claims that DB07 involves plaintext storage of the TDE wallet password in a trace file by event 10053.
    CVSS v3 Severity:2.8 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
    Exploitability Metrics:Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): Low
    User Interaction (UI): Required
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): None
    Availability (A): None
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    8.7 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N)
    1.5 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N/E:H/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    Vulnerability Type:CWE-noinfo
    Vulnerability Consequences:Informational
    References:Source: MITRE
    Type: CNA
    CVE-2005-2371

    Source: MITRE
    Type: CNA
    CVE-2006-0257

    Source: MITRE
    Type: CNA
    CVE-2006-0258

    Source: MITRE
    Type: CNA
    CVE-2006-0259

    Source: MITRE
    Type: CNA
    CVE-2006-0260

    Source: MITRE
    Type: CNA
    CVE-2006-0261

    Source: MITRE
    Type: CNA
    CVE-2006-0262

    Source: MITRE
    Type: CNA
    CVE-2006-0263

    Source: MITRE
    Type: CNA
    CVE-2006-0265

    Source: MITRE
    Type: CNA
    CVE-2006-0266

    Source: MITRE
    Type: CNA
    CVE-2006-0267

    Source: MITRE
    Type: CNA
    CVE-2006-0268

    Source: MITRE
    Type: CNA
    CVE-2006-0269

    Source: MITRE
    Type: CNA
    CVE-2006-0270

    Source: MITRE
    Type: CNA
    CVE-2006-0271

    Source: MITRE
    Type: CNA
    CVE-2006-0272

    Source: MITRE
    Type: CNA
    CVE-2006-0273

    Source: MITRE
    Type: CNA
    CVE-2006-0274

    Source: MITRE
    Type: CNA
    CVE-2006-0275

    Source: MITRE
    Type: CNA
    CVE-2006-0276

    Source: MITRE
    Type: CNA
    CVE-2006-0277

    Source: MITRE
    Type: CNA
    CVE-2006-0278

    Source: MITRE
    Type: CNA
    CVE-2006-0279

    Source: MITRE
    Type: CNA
    CVE-2006-0280

    Source: MITRE
    Type: CNA
    CVE-2006-0281

    Source: MITRE
    Type: CNA
    CVE-2006-0282

    Source: MITRE
    Type: CNA
    CVE-2006-0283

    Source: MITRE
    Type: CNA
    CVE-2006-0284

    Source: MITRE
    Type: CNA
    CVE-2006-0285

    Source: MITRE
    Type: CNA
    CVE-2006-0286

    Source: MITRE
    Type: CNA
    CVE-2006-0287

    Source: MITRE
    Type: CNA
    CVE-2006-0288

    Source: MITRE
    Type: CNA
    CVE-2006-0289

    Source: MITRE
    Type: CNA
    CVE-2006-0290

    Source: MITRE
    Type: CNA
    CVE-2006-0291

    Source: MITRE
    Type: CNA
    CVE-2006-0548

    Source: MITRE
    Type: CNA
    CVE-2006-0549

    Source: MITRE
    Type: CNA
    CVE-2006-0550

    Source: MITRE
    Type: CNA
    CVE-2006-0551

    Source: MITRE
    Type: CNA
    CVE-2006-0552

    Source: CCN
    Type: SA18493
    Oracle Products Multiple Vulnerabilities and Security Issues

    Source: CCN
    Type: SA18608
    HP Oracle for Openview Multiple Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1015499
    Oracle Database and Other Products Have Multiple Unspecified Vulnerabilities With Unspecified Impact

    Source: CCN
    Type: US-CERT VU#150332
    Oracle Text SQL injection vulnerability

    Source: CCN
    Type: US-CERT VU#472148
    Oracle Reports arbitrary file writing vulnerability

    Source: CCN
    Type: US-CERT VU#545804
    Oracle products contain multiple vulnerabilities

    Source: CCN
    Type: US-CERT VU#629316
    Oracle Database SYS.DBMS_METADATA_UTIL package SQL injection vulnerability

    Source: CCN
    Type: US-CERT VU#857412
    Oracle Transparent Data Encryption master encryption key stored as plaintext

    Source: CCN
    Type: US-CERT VU#870172
    Oracle Database Net Listener vulnerability

    Source: CCN
    Type: US-CERT VU#891644
    Oracle Database XML Database SQL Injection vulnerability

    Source: CCN
    Type: US-CERT VU#925261
    Oracle Reports arbitrary file reading vulnerability

    Source: CCN
    Type: US-CERT VU#983340
    Oracle Database Data Pump Metadata API SQL injection vulnerability

    Source: CCN
    Type: US-CERT VU#999268
    Oracle Client Tools buffer overflow vulnerability

    Source: CCN
    Type: Oracle Web site
    Oracle Critical Patch Update Advisory - January 2006

    Source: CCN
    Type: OSVDB ID: 22541
    Oracle Database Connection Manager Trivial Remote DoS

    Source: CCN
    Type: OSVDB ID: 22543
    Oracle Database Data Pump Metadata API DBMS_METADATA_UTIL Multiple Procedure SQL Injection

    Source: CCN
    Type: OSVDB ID: 22544
    Oracle Database Data Pump Metadata API DBMS_DATAPUMP Multiple Procedure SQL Injection

    Source: CCN
    Type: OSVDB ID: 22546
    Oracle Database Net Foundation Layer Unspecified Remote Issue

    Source: CCN
    Type: OSVDB ID: 22547
    Oracle Database Net Listener Multiple Unspecified Remote Issues (DB09)

    Source: CCN
    Type: OSVDB ID: 22549
    Oracle Database Net Listener Multiple Unspecified Remote Issues (DB11)

    Source: CCN
    Type: OSVDB ID: 22550
    Oracle Database Network Communications (RPC) Unspecified Remote Issue (DB12)

    Source: CCN
    Type: OSVDB ID: 22551
    Oracle Database Network Communications (RPC) Unspecified Remote Issue (DB13)

    Source: CCN
    Type: OSVDB ID: 22553
    Oracle Database Text cxtsys.catsearch Unspecified SQL Issue

    Source: CCN
    Type: OSVDB ID: 22555
    Oracle Database Text CTXSYS.DRILOAD Multiple Procedure SQL Injection

    Source: CCN
    Type: OSVDB ID: 22556
    Oracle Database TNS Authentication Phase AUTH_ALTER_SESSION Attribute SQL Injection

    Source: CCN
    Type: OSVDB ID: 22557
    Oracle Database Query Optimizer sys.outln_pkg Unspecified SQL Issue

    Source: CCN
    Type: OSVDB ID: 22558
    Oracle Database Query Optimizer Unspecified Trivial Remote DoS

    Source: CCN
    Type: OSVDB ID: 22559
    Oracle Database Security sys.dbms_fga.add_policy Unspecified SQL Issue

    Source: CCN
    Type: OSVDB ID: 22563
    Oracle Database Streams Capture DBMS_CDC_PUBLISH SET_DIRECTORY_ROOT Procedure SQL Injection

    Source: CCN
    Type: OSVDB ID: 22566
    Oracle Database Upgrade & Downgrade DBMS_REGISTRY Multiple Procedure SQL Injection

    Source: CCN
    Type: OSVDB ID: 22568
    Oracle Protocol Support Unspecified Limited Impact Remote Issue

    Source: CCN
    Type: OSVDB ID: 22569
    Oracle Reorganize Objects & Convert Tablespace Unspecified Local Issue

    Source: CCN
    Type: OSVDB ID: 22570
    Oracle Java Net Network (OID) Unspecified Trivial Remote Information Disclosure

    Source: CCN
    Type: OSVDB ID: 22571
    Oracle Database HTTP Server Unspecified Trivial Remote Information Disclosure

    Source: CCN
    Type: OSVDB ID: 22572
    Oracle Database HTTP Server Unspecified Trivial Remote DoS

    Source: CCN
    Type: OSVDB ID: 22573
    Oracle Workflow Cartridge HTTP Unspecified Trivial Remote Information Disclosure (WF01)

    Source: CCN
    Type: OSVDB ID: 22574
    Oracle Workflow Cartridge HTTP Unspecified Trivial Remote Information Disclosure (WF02)

    Source: CCN
    Type: OSVDB ID: 22575
    Oracle Workflow Cartridge HTTP Unspecified Trivial Remote Information Disclosure (WF03)

    Source: CCN
    Type: OSVDB ID: 22576
    Oracle Application Server Portal HTTP Unspecified Trivial Remote Information Disclosure

    Source: CCN
    Type: OSVDB ID: 22577
    Oracle Forms HTTP Unspecified Remote Issue

    Source: CCN
    Type: OSVDB ID: 22578
    Oracle Forms File Upload Unspecified Issue

    Source: CCN
    Type: OSVDB ID: 22579
    Oracle Reports Developer HTTP Unspecified Remote Issue

    Source: CCN
    Type: OSVDB ID: 22580
    Oracle Application Server Reports Developer HTTP Unspecified Remote DoS

    Source: CCN
    Type: OSVDB ID: 22581
    Oracle Application Server Reports Developer File Upload Unspecified Issue

    Source: CCN
    Type: OSVDB ID: 22582
    Oracle Application Server Reports Developer rwservlet customize Variable Arbitrary XML File Portion Disclosure

    Source: CCN
    Type: OSVDB ID: 22585
    Oracle Collaboration Suite Email Server Trivial Remote Information Disclosure (OCS01)

    Source: CCN
    Type: OSVDB ID: 22586
    Oracle Collaboration Suite Email Server Trivial Remote Information Disclosure (OCS02)

    Source: CCN
    Type: OSVDB ID: 22587
    Oracle Collaboration Suite Email Server IMAP Authenticated Remote Trivial DoS

    Source: CCN
    Type: OSVDB ID: 22588
    Oracle Collaboration Suite Email Server IMAP/POP Unauthenticated Remote Trivial DoS

    Source: CCN
    Type: OSVDB ID: 22589
    Oracle Collaboration Suite Email Server SMTP Unspecified Issue (OCS05)

    Source: CCN
    Type: OSVDB ID: 22590
    Oracle Collaboration Suite Email Server SMTP Unspecified Issue (OCS06)

    Source: CCN
    Type: OSVDB ID: 22591
    Oracle Collaboration Suite Email Server SMTP Unspecified Issue (OCS07)

    Source: CCN
    Type: OSVDB ID: 22592
    Oracle Collaboration Suite Email Server Unspecified Local Trivial Information Disclosure

    Source: CCN
    Type: OSVDB ID: 22593
    Oracle Collaboration Suite Email Server HTTP Unspecified Remote Information Disclosure

    Source: CCN
    Type: OSVDB ID: 22594
    Oracle Collaboration Suite Wireless & Voice Local Information Disclosure

    Source: CCN
    Type: OSVDB ID: 22595
    Oracle Collaboration Suite Wireless & Voice Authenticated SMS Remote Information Disclosure

    Source: CCN
    Type: OSVDB ID: 22596
    Oracle Collaboration Suite Management SDK FTP Unspecified Issue

    Source: CCN
    Type: OSVDB ID: 22597
    Oracle Collaboration Suite Management SDK HTTP Unspecified Authenticated Issue

    Source: CCN
    Type: OSVDB ID: 22598
    Oracle Collaboration Suite Content Services Email Unspecified Information Disclosure

    Source: CCN
    Type: OSVDB ID: 22599
    Oracle Collaboration Suite Content Services HTTP Unspecified Issue

    Source: CCN
    Type: OSVDB ID: 22600
    Oracle E-Business Suite/Applications Application Install Log File Local Information Disclosure

    Source: CCN
    Type: OSVDB ID: 22601
    Oracle E-Business Suite/Applications CRM Technical Foundation HTTP Information Disclosure

    Source: CCN
    Type: OSVDB ID: 22602
    Oracle E-Business Suite/Applications iProcurement HTTP Information Disclosure

    Source: CCN
    Type: OSVDB ID: 22603
    Oracle E-Business Suite/Applications Application Object Library Log File Information Disclosure

    Source: CCN
    Type: OSVDB ID: 22604
    Oracle E-Business Suite/Applications Application Object Library HTTP Information Disclosure (APPS05)

    Source: CCN
    Type: OSVDB ID: 22605
    Oracle E-Business Suite/Applications Application Object Library HTTP Information Disclosure (APPS06)

    Source: CCN
    Type: OSVDB ID: 22606
    Oracle E-Business Suite/Applications Applications Framework HTTP Unspecified Authenticated Issue

    Source: CCN
    Type: OSVDB ID: 22607
    Oracle E-Business Suite/Applications Applications Technology Stack HTTP Trivial Information Disclosure (APPS08)

    Source: CCN
    Type: OSVDB ID: 22608
    Oracle E-Business Suite/Applications Applications Technology Stack HTTP Trivial Information Disclosure (APPS10)

    Source: CCN
    Type: OSVDB ID: 22609
    Oracle E-Business Suite/Applications Applications Technology Stack HTTP Trivial Information Disclosure (APPS11)

    Source: CCN
    Type: OSVDB ID: 22610
    Oracle E-Business Suite/Applications Human Resources HTTP Authenticated Information Disclosure

    Source: CCN
    Type: OSVDB ID: 22611
    Oracle E-Business Suite/Applications iLearning HTTP Information Disclosure (APPS13)

    Source: CCN
    Type: OSVDB ID: 22612
    Oracle E-Business Suite/Applications iLearning HTTP Information Disclosure (APPS14)

    Source: CCN
    Type: OSVDB ID: 22613
    Oracle E-Business Suite/Applications Marketing HTTP Authenticated Issue (APPS15)

    Source: CCN
    Type: OSVDB ID: 22614
    Oracle E-Business Suite/Applications Marketing HTTP Authenticated Issue (APPS16)

    Source: CCN
    Type: OSVDB ID: 22615
    Oracle E-Business Suite/Applications Marketing Encyclopedia System HTTP Information Disclosure

    Source: CCN
    Type: OSVDB ID: 22616
    Oracle E-Business Suite/Applications Trade Management HTTP Information Disclosure

    Source: CCN
    Type: OSVDB ID: 22617
    Oracle E-Business Suite/Applications Web Applications Desktop Integration HTTP Information Disclosure

    Source: CCN
    Type: OSVDB ID: 22618
    Oracle PeopleSoft Enterprise Portal Unspecified Local Issue

    Source: CCN
    Type: OSVDB ID: 22619
    Oracle JD Edwards HTML Server HTTP Unspecified Issue

    Source: CCN
    Type: OSVDB ID: 22620
    Oracle E-Business Suite/Applications Applications Technology Stack HTTP Trivial Information Disclosure (APPS09)

    Source: CCN
    Type: OSVDB ID: 22637
    Oracle Database Data Pump Metadata API DBMS_METADATA_INT Multiple Procedure SQL Injection

    Source: CCN
    Type: OSVDB ID: 22639
    Oracle Database Text CTXSYS.DRIDML CLEAN_DML Procedure SQL Injection

    Source: CCN
    Type: OSVDB ID: 22640
    Oracle Database Text CTXSYS.CTX_DOC GET_ROWID Procedure SQL Injection

    Source: CCN
    Type: OSVDB ID: 22641
    Oracle Database Text CTXSYS.CTX_QUERY BROWSE_WORDS Procedure SQL Injection

    Source: CCN
    Type: OSVDB ID: 22642
    Oracle Database Text CATINDEXMETHODS Multiple Procedure SQL Injection

    Source: CCN
    Type: OSVDB ID: 22643
    Oracle Database Data Pump Metadata API DBMS_METADATA Unspecified Procedure SQL Injection

    Source: CCN
    Type: OSVDB ID: 60409
    Oracle Client Utility Unspecified Remote Overflow

    Source: CCN
    Type: BID-16287
    Oracle January Security Update Multiple Vulnerabilities

    Source: CCN
    Type: IBM Internet Security Systems X-Force Database
    Oracle Reports Server customize parameter information disclosure

    Source: XF
    Type: UNKNOWN
    oracle-january2006-update(24321)
