CVE-2006-2081

Name of the Vulnerable Software and Affected Versions Oracle Database Server 10g Release 2

Description The issue allows local users to execute arbitrary SQL queries via the GET DOMAIN INDEX METADATA function in the DBMS EXPORT EXTENSION package. This is due to insecure privileges that facilitate the introduction of SQL, which is not related to special characters.

Recommendations For Oracle Database Server 10g Release 2, consider restricting access to the DBMS EXPORT EXTENSION package to minimize the risk of exploitation. As a temporary workaround, consider disabling the GET DOMAIN INDEX METADATA function until a patch is available.