Info

Disclosure

Apr 19, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Oracle Database Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an unspecified action occurs, resulting in a loss of confidentiality.

Classification

Location: Local Access Required, Location Unknown
Attack Type: Information Disclosure, Attack Type Unknown
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

Products

Oracle Corporation	Oracle8i Database Server Release 3	8.1.7.4
	Oracle 9i Database Server Release 1	9.0.1.5
	Oracle 9i Database Server Release 2	9.2.0.7

References

Security Tracker: 1015961
Secunia Advisory ID: 19712 19859
CVE ID: 2006-1877 (see also: NVD)
Related OSVDB ID: 24825 24826 24827 24828 24829 24831 24835 24848 24849 24850 24851 24852 24853 24854 24855 24856 24857 24858 24859 24860
Keyword: c00651782,HPSBMA02113,SSRT061148 Oracle Critical Patch Update - April 2006,DB13
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0573.html
Vendor Specific Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00651782
http://www.oracle.com/technology/deploy/security/pdf/cpuapr2006.html
News Article: http://news.com.com/2100-1002_3-6062438.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/24861

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Oracle Corporation

Oracle8i Database Server Release 3

Oracle 9i Database Server Release 1

Oracle 9i Database Server Release 2

References

Credit