PT-2006-1334 · Oracle · Oracle Database Server

Alexander Kornbrust +8 · Published 2006-01-18 · Updated 2017-07-20 · CVE-2006-0259

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Oracle Database server version 10.1.0.5

Description

The issue affects the Oracle Database server and involves multiple unspecified vulnerabilities in various components, including the Data Pump, Net Listener, and Oracle Text components. Specifically, a reliable independent researcher claims that one of the vulnerabilities, DB06, is a SQL injection issue in certain functions within the DBMS_DATAPUMP module, including GENERATE_JOB_NAME, GET_WORKERSTATUSLIST1010, GET_PARAMVALUES1010, GET_DUMPFILESET1010, GET_JOBSTATUS1010, ATTACH, and ESTABLISH_REMOTE_CONTEXT. The exact impact and attack vectors are not specified because details are not available from Oracle.

Recommendations

For Oracle Database server version 10.1.0.5, as a temporary workaround, consider restricting access to the affected functions in the DBMS_DATAPUMP module, specifically GENERATE_JOB_NAME, GET_WORKERSTATUSLIST1010, GET_PARAMVALUES1010, GET_DUMPFILESET1010, GET_JOBSTATUS1010, ATTACH, and ESTABLISH_REMOTE_CONTEXT, until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2006-0259

Affected Products

Oracle Database Server