<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-0261" target="_blank">CVE</a>)</em> : Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB07 in the Dictionary component and (2) DB14 in the Oracle Label Security component. NOTE: Oracle has not disputed reliable researcher claims that DB07 involves plaintext storage of the TDE wallet password in a trace file by event 10053.

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch (Jan2006 Critical Patch Update) to address this vulnerability.

• Secunia Advisory ID: 18493 18608
• CVE ID: 2006-0261 (see also: NVD)
• CERT VU: 545804
• Keyword: DB07,Oracle Bug 5802023 Document ID: c00593668 HPSBMA02094 SSRT061104
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-01/0420.html
  http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0580.html
• News Article: http://news.com.com/Oracle+fixes+pile+of+bugs/2100-1002_3-6027847.html
• Vendor Specific Advisory URL: http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
  http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=c00593668
• Other Advisory URL: http://www.red-database-security.com/advisory/oracle_tde_wallet_password.html

Unknown or Incomplete