CVE-2006-5344

Name of the Vulnerable Software and Affected Versions Oracle Database versions 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4

Description The issue is related to unspecified vulnerabilities in the Oracle Spatial component, with remote authenticated attack vectors. It involves mdsys.sdo 3gl and mdsys.sdo cs, which are reportedly related to buffer overflows and SQL injection in GEOM OPERATION and TRANSFORM LAYER.

Recommendations For Oracle Database version 8.1.7.4, update to a version that includes the fix for the buffer overflow in GEOM OPERATION and SQL injection in TRANSFORM LAYER. For Oracle Database version 9.0.1.5, update to a version that includes the fix for the buffer overflow in GEOM OPERATION and SQL injection in TRANSFORM LAYER. For Oracle Database version 9.2.0.7, update to a version that includes the fix for the buffer overflow in GEOM OPERATION and SQL injection in TRANSFORM LAYER. For Oracle Database version 10.1.0.4, update to a version that includes the fix for the buffer overflow in GEOM OPERATION and SQL injection in TRANSFORM LAYER.