<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-0270" target="_blank">CVE</a>)</em> : Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without encryption, which allows local users to obtain the key via the SGA.

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch (Jan2006 Critical Patch Update) to address this vulnerability.

• Bugtraq ID: 16287
• Secunia Advisory ID: 18493 18608
• CVE ID: 2006-0270 (see also: NVD)
• CERT VU: 545804
• VUPEN Advisory: ADV-2006-0243 ADV-2006-0323
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-01/0420.html
  http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0574.html
• News Article: http://news.com.com/Oracle+fixes+pile+of+bugs/2100-1002_3-6027847.html
• Vendor Specific Advisory URL: http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
  http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=c00593668
• Other Advisory URL: http://www.red-database-security.com/advisory/oracle_tde_unencrypted_sga.html

Unknown or Incomplete