CVE-2006-5334

Name of the Vulnerable Software and Affected Versions Oracle Database versions 9.0.1.5, 9.2.0.7, and 10.1.0.5

Description The issue concerns an unspecified vulnerability in the Oracle Spatial component, related to mdsys.md2. It has remote authenticated attack vectors and unknown impact. There are reports suggesting it may be related to either a buffer overflow in the RELATE function or SQL injection in the TESSELATE FIXED and TESSELATE functions.

Recommendations For Oracle Database version 9.0.1.5, consider restricting access to the mdsys.md2 component until a fix is available. For Oracle Database version 9.2.0.7, consider disabling the RELATE function as a temporary workaround. For Oracle Database version 10.1.0.5, avoid using the TESSELATE FIXED and TESSELATE functions until the issue is resolved.