N1V1Hd $3C41R3Exploitbugtraq

**Name of the Vulnerable Software and Affected Versions** Oracle Database versions 8.1.7.4 through 10.2.0.2 **Description** The issue affects Oracle Database and involves multiple unspecified vulnerabilities with unknown impact and attack vectors. It is noted that one of the vulnerabilities might be related to SQL injection using DBMS EXPORT EXTENSION with a modified ODCIIndexGetMetadata routine and a call to GET DOMAIN INDEX METADATA. **Recommendations** For Oracle Database versions 8.1.7.4 through 10.2.0.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Database Server 10g Release 2 **Description** The issue allows local users to execute arbitrary SQL queries via the GET DOMAIN INDEX METADATA function in the DBMS EXPORT EXTENSION package. This is due to insecure privileges that facilitate the introduction of SQL, which is not related to special characters. **Recommendations** For Oracle Database Server 10g Release 2, consider restricting access to the DBMS EXPORT EXTENSION package to minimize the risk of exploitation. As a temporary workaround, consider disabling the GET DOMAIN INDEX METADATA function until a patch is available.