CVE-2005-4832

Name of the Vulnerable Software and Affected Versions Oracle Database Server 10g

Description A SQL injection issue allows remote authenticated users to execute arbitrary SQL commands with elevated privileges. This is achieved via the SUBSCRIPTION NAME parameter in the (1) SYS.DBMS CDC SUBSCRIBE and (2) SYS.DBMS CDC ISUBSCRIBE packages.

Recommendations For Oracle Database Server 10g, avoid using the SUBSCRIPTION NAME parameter in the SYS.DBMS CDC SUBSCRIBE and SYS.DBMS CDC ISUBSCRIBE packages until a fix is available. As a temporary workaround, consider restricting access to these packages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.