CVE-2006-3705

Name of the Vulnerable Software and Affected Versions Oracle Database version 10.1.0.5

Description The issue concerns multiple unspecified vulnerabilities in Oracle Database. These vulnerabilities have unknown impact and attack vectors. It is claimed by a researcher that one of the vulnerabilities is a local SQL injection issue in SYS.DBMS STATS, and another is an SQL injection vulnerability in SYS.DBMS UPGRADE.

Recommendations For Oracle Database version 10.1.0.5, as a temporary workaround, consider restricting access to SYS.DBMS STATS and SYS.DBMS UPGRADE to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.