PT-2006-1335 · Oracle · Oracle Database Server

Alexander Kornbrust +8 · Published 2006-01-18 · Updated 2017-07-20 · CVE-2006-0260

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Oracle Database server versions 9.2.0.7 and 10.1.0.5

Description

The issue involves multiple unspecified vulnerabilities in various components of the Oracle Database server, including Data Pump, Oracle Text, Streams Apply, Streams Capture, and Streams Subcomponent. One of the vulnerabilities, DB05, is claimed by a reliable independent researcher to involve SQL injection in several functions within the DBMS_METADATA_UTIL, DBMS_METADATA_INT, and DBMS_METADATA packages. These functions include LONG2VARCHAR, LONG2VCMAX, LONG2VCNT, LONG2CLOB, MAKE_FILTER, FETCH_VIEWS_ERROR, FETCH_FILTERS, FETCH_VIEWS, SET_FILTER_COMMON, DO_FILTER_SCRIPT, SET_TABLE_FILTERS, MAKE_FILTER_TEXT, and GET_PREPOST_TABLE_ACT.

Recommendations

For Oracle Database server versions 9.2.0.7 and 10.1.0.5, consider disabling the affected functions in the DBMS_METADATA_UTIL, DBMS_METADATA_INT, and DBMS_METADATA packages as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.


Related Identifiers

CVE-2006-0260

Affected Products

Oracle Database Server