PT-2006-1345 · Oracle · Oracle Database

Alexander Kornbrust +8 · Published 2006-01-18 · Updated 2017-07-20 · CVE-2006-0271

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Oracle Database server versions 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4

Description

The issue is related to an unspecified vulnerability in the Upgrade & Downgrade component, potentially allowing SQL injection in the DBMS_REGISTRY package. This affects certain parameters to the following functions: (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS. The estimated number of potentially affected devices and details about real-world incidents are not available.

Recommendations

For Oracle Database server version 8.1.7.4, consider disabling the DBMS_REGISTRY package until a patch is available.

For Oracle Database server version 9.0.1.5, restrict access to the DBMS_REGISTRY package to minimize the risk of exploitation.

For Oracle Database server version 9.2.0.7, avoid using the vulnerable functions in the DBMS_REGISTRY package until the issue is resolved.

For Oracle Database server version 10.1.0.4, consider applying configuration changes to limit the impact of the vulnerability, such as restricting access to the affected parameters.

Fix


Related Identifiers

CVE-2006-0271

Affected Products

Oracle Database