Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 DB:ORACLE:SDO_CS-TRANS-OF

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 DB

Keywords

 Oracle SDO_CS.TRANSFORM_LAYER Buffer Overflow

Release Date

 2006/11/01

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

DB: Oracle SDO_CS.TRANSFORM_LAYER Buffer Overflow


This signature detects attempts to exploit a known vulnerability in the Oracle database TNS. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Extended Description

Multiple vulnerabilities affect various Oracle applications, including: Oracle Database Oracle Application Server Oracle Application Express Oracle Collaboration Suite Oracle E-Business Suite Oracle Pharmaceutical Applications Oracle PeopleSoft Enterprise PeopleTools and Portal Solutions JD Edwards EnterpriseOne JD Edwards OneWorld Tools Oracle has released a Critical Patch Update advisory for October 2006 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The Oracle advisory details 101 vulnerabilities in all. This BID will be updated as further analysis of the individual issues reveals more detailed information.

Affected Products

  • Hp oracle_for_openview 8.1.7
  • Hp oracle_for_openview 9.1.01
  • Hp oracle_for_openview 9.2
  • Oracle application_server_10g 9.0.4
  • Oracle application_server_10g 9.0.4 .1
  • Oracle application_server_10g 9.0.4 .2
  • Oracle application_server_10g 9.0.4 .3
  • Oracle application_server_release_2 9.0.2 .3
  • Oracle collaboration_suite_release_1 10.1.2
  • Oracle collaboration_suite_release_2 9.0.4 .2
  • Oracle developer_suite 10.1.2.0.2
  • Oracle developer_suite 10.1.2.2
  • Oracle developer_suite 6i
  • Oracle developer_suite 9.0.4 .1
  • Oracle developer_suite 9.0.4 .2
  • Oracle developer_suite 9.0.4 .3
  • Oracle e-business_suite 11.0.0
  • Oracle e-business_suite_11i 11.5.10
  • Oracle e-business_suite_11i 11.5.10 CU2
  • Oracle e-business_suite_11i 11.5.7
  • Oracle e-business_suite_11i 11.5.8
  • Oracle e-business_suite_11i 11.5.9
  • Oracle html_db 1.5.0
  • Oracle html_db 1.5.1
  • Oracle html_db 1.6.0
  • Oracle html_db 1.6.1
  • Oracle html_db 2.0.0
  • Oracle jd_edwards_enterpriseone 8.95
  • Oracle jd_edwards_enterpriseone 8.95.0 B1
  • Oracle jd_edwards_enterpriseone 8.95.0 F1
  • Oracle jd_edwards_enterpriseone 8.95.J1
  • Oracle jd_edwards_enterpriseone 8.96
  • Oracle jd_edwards_oneworld_tools SP23
  • Oracle oracle10g_application_server 10.1.2
  • Oracle oracle10g_application_server 10.1.2 .0.1
  • Oracle oracle10g_application_server 10.1.2 .0.2
  • Oracle oracle10g_application_server 10.1.2 .1.0
  • Oracle oracle10g_application_server 10.1.3 .0.0
  • Oracle oracle10g_application_server 9.0.4 .0
  • Oracle oracle10g_application_server 9.0.4 .1
  • Oracle oracle10g_application_server 9.0.4 .2
  • Oracle oracle10g_enterprise_edition 10.1.0 .0.3
  • Oracle oracle10g_enterprise_edition 10.1.0 .0.4
  • Oracle oracle10g_enterprise_edition 10.2.0 .1
  • Oracle oracle10g_enterprise_edition 10.2.0 .2
  • Oracle oracle10g_personal_edition 10.1.0 .0.3
  • Oracle oracle10g_personal_edition 10.1.0 .0.4
  • Oracle oracle10g_personal_edition 10.2.0 .1
  • Oracle oracle10g_personal_edition 10.2.0 .2
  • Oracle oracle10g_standard_edition 10.1.0 .0.3
  • Oracle oracle10g_standard_edition 10.1.0 .0.4
  • Oracle oracle10g_standard_edition 10.1.0 .0.5
  • Oracle oracle10g_standard_edition 10.2.0.1
  • Oracle oracle10g_standard_edition 10.2.0 .2
  • Oracle oracle8i_enterprise_edition 8.1.7.4.0
  • Oracle oracle8i_standard_edition 8.1.7 .4
  • Oracle oracle9i_application_server 1.0.2 .2
  • Oracle oracle9i_application_server 9.0.2 .3
  • Oracle oracle9i_application_server 9.0.3 .1
  • Oracle oracle9i_enterprise_edition 9.0.1 .4
  • Oracle oracle9i_enterprise_edition 9.0.1 .5
  • Oracle oracle9i_enterprise_edition 9.0.1 .5 FIPS
  • Oracle oracle9i_enterprise_edition 9.2.0 .0.5
  • Oracle oracle9i_enterprise_edition 9.2.0.6.0
  • Oracle oracle9i_enterprise_edition 9.2.0.7.0
  • Oracle oracle9i_personal_edition 9.0.1 .4
  • Oracle oracle9i_personal_edition 9.0.1 .5
  • Oracle oracle9i_personal_edition 9.0.1 .5 FIPS
  • Oracle oracle9i_personal_edition 9.2.0 .0.5
  • Oracle oracle9i_personal_edition 9.2.0 .6
  • Oracle oracle9i_personal_edition 9.2.0 .7
  • Oracle oracle9i_standard_edition 9.0.1 .4
  • Oracle oracle9i_standard_edition 9.0.1 .5
  • Oracle oracle9i_standard_edition 9.0.1 .5 FIPS
  • Oracle oracle9i_standard_edition 9.2.0 .0.5
  • Oracle oracle9i_standard_edition 9.2.0 .6
  • Oracle oracle9i_standard_edition 9.2.0 .7
  • Oracle peoplesoft_enterprise_peopletools 8.22
  • Oracle peoplesoft_enterprise_peopletools 8.46
  • Oracle peoplesoft_enterprise_peopletools 8.47
  • Oracle peoplesoft_enterprise_peopletools 8.48
  • Oracle peoplesoft_enterprise_portal 8.8
  • Oracle peoplesoft_enterprise_portal 8.9
  • Oracle peoplesoft_enterprise_tools 8.46.12
  • Oracle peoplesoft_enterprise_tools 8.46 GA
  • Oracle peoplesoft_enterprise_tools 8.47.01
  • Oracle peoplesoft_enterprise_tools 8.47.02
  • Oracle peoplesoft_enterprise_tools 8.47.03
  • Oracle peoplesoft_enterprise_tools 8.47.04
  • Oracle peoplesoft_enterprise_tools 8.47 GA
  • Oracle pharmaceutical_applications 4.5.0
  • Oracle pharmaceutical_applications 4.5.1

References

  • BugTraq: 20588
  • CVE: CVE-2006-5344
  • CVE: CVE-2006-5372
  • URL: http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf
  • URL: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out