PT-2006-1339 · Oracle · Oracle Database Server

Alexander Kornbrust (+8)

Published 2006-01-18 · Updated 2017-07-20 · CVE-2006-0265

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 8.1.7.4 through 10.2.0.1

Description: The issue involves multiple unspecified vulnerabilities in the Oracle Database Server, affecting components such as Oracle Text and Program Interface Network. It is reported that one of the vulnerabilities, DB17, involves SQL injection in various functions, including VALIDATE_STATEMENT and BUILD_DML in CTXSYS.DRILOAD, CLEAN_DML in CTXSYS.DRIDML, GET_ROWID in CTXSYS.CTX_DOC, BROWSE_WORDS in CTXSYS.CTX_QUERY, and ODCIINDEXTRUNCATE, ODCIINDEXDROP, and ODCIINDEXDELETE in CATINDEXMETHODS. The impact and attack vectors of these vulnerabilities are unspecified.

Recommendations: For Oracle Database Server versions 8.1.7.4 through 10.2.0.1, as a temporary workaround, consider disabling the VALIDATE_STATEMENT and BUILD_DML functions in CTXSYS.DRILOAD, the CLEAN_DML function in CTXSYS.DRIDML, the GET_ROWID function in CTXSYS.CTX_DOC, the BROWSE_WORDS function in CTXSYS.CTX_QUERY, and the ODCIINDEXTRUNCATE, ODCIINDEXDROP, and ODCIINDEXDELETE functions in CATINDEXMETHODS until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
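The recommendation does not say how to "disable" the listed functions. One common way to apply the workaround, shown here as an added example that is not part of this advisory, is to record who can execute the owning CTXSYS packages and type and then revoke the EXECUTE privilege that PUBLIC holds on them. It assumes the statements run as SYS and that the CATINDEXMETHODS type lives in the CTXSYS schema.

```sql
-- Added example, not part of the PT advisory. Assumption: "disabling" the
-- listed functions is approximated by revoking EXECUTE from PUBLIC on the
-- owning CTXSYS objects; CATINDEXMETHODS is assumed to be owned by CTXSYS.

-- 1. Inventory: who can currently execute the affected packages and type?
SELECT grantee, owner, table_name, privilege, grantor
  FROM dba_tab_privs
 WHERE owner = 'CTXSYS'
   AND privilege = 'EXECUTE'
   AND table_name IN ('DRILOAD', 'DRIDML', 'CTX_DOC', 'CTX_QUERY', 'CATINDEXMETHODS')
 ORDER BY table_name, grantee;

-- 2. Temporary workaround: remove the PUBLIC execute grants (run as SYS).
REVOKE EXECUTE ON ctxsys.driload         FROM PUBLIC;
REVOKE EXECUTE ON ctxsys.dridml          FROM PUBLIC;
REVOKE EXECUTE ON ctxsys.ctx_doc         FROM PUBLIC;
REVOKE EXECUTE ON ctxsys.ctx_query       FROM PUBLIC;
REVOKE EXECUTE ON ctxsys.catindexmethods FROM PUBLIC;

-- 3. Verify: this query should now return no rows.
SELECT table_name
  FROM dba_tab_privs
 WHERE owner = 'CTXSYS'
   AND grantee = 'PUBLIC'
   AND privilege = 'EXECUTE'
   AND table_name IN ('DRILOAD', 'DRIDML', 'CTX_DOC', 'CTX_QUERY', 'CATINDEXMETHODS');
```

Revoking from PUBLIC also removes access for every application schema that uses Oracle Text through these packages, so grant EXECUTE back explicitly to the schemas that need it and re-test index maintenance before relying on the workaround in production.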


Related Identifiers

CVE-2006-0265

Affected Products

Oracle Database Server