CVE-2006-0272

Name of the Vulnerable Software and Affected Versions Oracle Database server versions 9.2.0.7 through 10.1.0.4

Description The issue is related to an unspecified vulnerability in the XML Database component, potentially a buffer overflow in the DBMS XMLSCHEMA and DBMS XMLSCHEMA INT packages. This can be exploited via long arguments to the XDB.DBMS XMLSCHEMA.GENERATESCHEMA or XDB.DBMS XMLSCHEMA.GENERATESCHEMAS functions.

Recommendations For Oracle Database server versions 9.2.0.7 through 10.1.0.4, consider restricting access to the DBMS XMLSCHEMA and DBMS XMLSCHEMA INT packages as a temporary workaround until a patch is available. Avoid using long arguments with the XDB.DBMS XMLSCHEMA.GENERATESCHEMA and XDB.DBMS XMLSCHEMA.GENERATESCHEMAS functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.