Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 DB:ORACLE:SDO_CS-TRANS-OF

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 DB

Keywords

 Oracle SDO_CS.TRANSFORM_LAYER Buffer Overflow

Release Date

 2006/11/01

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

DB: Oracle SDO_CS.TRANSFORM_LAYER Buffer Overflow


This signature detects attempts to exploit a known vulnerability in the Oracle database TNS. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Extended Description

Multiple vulnerabilities affect various Oracle applications, including: Oracle Database Oracle Application Server Oracle Application Express Oracle Collaboration Suite Oracle E-Business Suite Oracle Pharmaceutical Applications Oracle PeopleSoft Enterprise PeopleTools and Portal Solutions JD Edwards EnterpriseOne JD Edwards OneWorld Tools Oracle has released a Critical Patch Update advisory for October 2006 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The Oracle advisory details 101 vulnerabilities in all. This BID will be updated as further analysis of the individual issues reveals more detailed information.

Affected Products

  • HP Oracle for OpenView 8.1.7
  • HP Oracle for OpenView 9.1.01
  • HP Oracle for OpenView 9.2
  • Oracle Application Server 10g 9.0.4
  • Oracle Application Server 10g 9.0.4 .1
  • Oracle Application Server 10g 9.0.4 .2
  • Oracle Application Server 10g 9.0.4 .3
  • Oracle Application Server Release 2 9.0.2 .3
  • Oracle Collaboration Suite Release 1 10.1.2
  • Oracle Collaboration Suite Release 2 9.0.4 .2
  • Oracle Developer Suite 10.1.2.0.2
  • Oracle Developer Suite 10.1.2.2
  • Oracle Developer Suite 6i
  • Oracle Developer Suite 9.0.4 .1
  • Oracle Developer Suite 9.0.4 .2
  • Oracle Developer Suite 9.0.4 .3
  • Oracle E-Business Suite 11.0.0
  • Oracle E-Business Suite 11i 11.5.10
  • Oracle E-Business Suite 11i 11.5.10 CU2
  • Oracle E-Business Suite 11i 11.5.7
  • Oracle E-Business Suite 11i 11.5.8
  • Oracle E-Business Suite 11i 11.5.9
  • Oracle HTML DB 1.5.0
  • Oracle HTML DB 1.5.1
  • Oracle HTML DB 1.6.0
  • Oracle HTML DB 1.6.1
  • Oracle HTML DB 2.0.0
  • Oracle JD Edwards EnterpriseOne 8.95
  • Oracle JD Edwards EnterpriseOne 8.95.0 B1
  • Oracle JD Edwards EnterpriseOne 8.95.0 F1
  • Oracle JD Edwards EnterpriseOne 8.95.J1
  • Oracle JD Edwards EnterpriseOne 8.96
  • Oracle JD Edwards OneWorld Tools SP23
  • Oracle Oracle10g Application Server 10.1.2
  • Oracle Oracle10g Application Server 10.1.2 .0.1
  • Oracle Oracle10g Application Server 10.1.2 .0.2
  • Oracle Oracle10g Application Server 10.1.2 .1.0
  • Oracle Oracle10g Application Server 10.1.3 .0.0
  • Oracle Oracle10g Application Server 9.0.4 .0
  • Oracle Oracle10g Application Server 9.0.4 .1
  • Oracle Oracle10g Application Server 9.0.4 .2
  • Oracle Oracle10g Enterprise Edition 10.1.0 .0.3
  • Oracle Oracle10g Enterprise Edition 10.1.0 .0.4
  • Oracle Oracle10g Enterprise Edition 10.2.0 .1
  • Oracle Oracle10g Enterprise Edition 10.2.0 .2
  • Oracle Oracle10g Personal Edition 10.1.0 .0.3
  • Oracle Oracle10g Personal Edition 10.1.0 .0.4
  • Oracle Oracle10g Personal Edition 10.2.0 .1
  • Oracle Oracle10g Personal Edition 10.2.0 .2
  • Oracle Oracle10g Standard Edition 10.1.0 .0.3
  • Oracle Oracle10g Standard Edition 10.1.0 .0.4
  • Oracle Oracle10g Standard Edition 10.1.0 .0.5
  • Oracle Oracle10g Standard Edition 10.2.0.1
  • Oracle Oracle10g Standard Edition 10.2.0 .2
  • Oracle Oracle8i Enterprise Edition 8.1.7.4.0
  • Oracle Oracle8i Standard Edition 8.1.7 .4
  • Oracle Oracle9i Application Server 1.0.2 .2
  • Oracle Oracle9i Application Server 9.0.2 .3
  • Oracle Oracle9i Application Server 9.0.3 .1
  • Oracle Oracle9i Enterprise Edition 9.0.1 .4
  • Oracle Oracle9i Enterprise Edition 9.0.1 .5
  • Oracle Oracle9i Enterprise Edition 9.0.1 .5 FIPS
  • Oracle Oracle9i Enterprise Edition 9.2.0 .0.5
  • Oracle Oracle9i Enterprise Edition 9.2.0.6.0
  • Oracle Oracle9i Enterprise Edition 9.2.0.7.0
  • Oracle Oracle9i Personal Edition 9.0.1 .4
  • Oracle Oracle9i Personal Edition 9.0.1 .5
  • Oracle Oracle9i Personal Edition 9.0.1 .5 FIPS
  • Oracle Oracle9i Personal Edition 9.2.0 .0.5
  • Oracle Oracle9i Personal Edition 9.2.0 .6
  • Oracle Oracle9i Personal Edition 9.2.0 .7
  • Oracle Oracle9i Standard Edition 9.0.1 .4
  • Oracle Oracle9i Standard Edition 9.0.1 .5
  • Oracle Oracle9i Standard Edition 9.0.1 .5 FIPS
  • Oracle Oracle9i Standard Edition 9.2.0 .0.5
  • Oracle Oracle9i Standard Edition 9.2.0 .6
  • Oracle Oracle9i Standard Edition 9.2.0 .7
  • Oracle PeopleSoft Enterprise PeopleTools 8.22
  • Oracle PeopleSoft Enterprise PeopleTools 8.46
  • Oracle PeopleSoft Enterprise PeopleTools 8.47
  • Oracle PeopleSoft Enterprise PeopleTools 8.48
  • Oracle PeopleSoft Enterprise Portal 8.8
  • Oracle PeopleSoft Enterprise Portal 8.9
  • Oracle PeopleSoft Enterprise Tools 8.46.12
  • Oracle PeopleSoft Enterprise Tools 8.46 GA
  • Oracle PeopleSoft Enterprise Tools 8.47.01
  • Oracle PeopleSoft Enterprise Tools 8.47.02
  • Oracle PeopleSoft Enterprise Tools 8.47.03
  • Oracle PeopleSoft Enterprise Tools 8.47.04
  • Oracle PeopleSoft Enterprise Tools 8.47 GA
  • Oracle Pharmaceutical Applications 4.5.0
  • Oracle Pharmaceutical Applications 4.5.1

References

  • BugTraq: 20588
  • CVE: CVE-2006-5372
  • CVE: CVE-2006-5344
  • URL: http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf
  • URL: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out