PT-2006-1611 · Oracle · Oracle Database
Published: 2006-02-04 · Updated: 2017-07-20 · CVE-2006-0547
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Oracle Database versions 8i, 9i, and 10g
Description
The issue allows remote authenticated users to execute arbitrary SQL statements in the context of the SYS user, bypassing audit logging. This can include creating new privileged database accounts. The vulnerability is exploited via a modified AUTH_ALTER_SESSION attribute in the authentication phase of the Transparent Network Substrate (TNS) protocol.
Recommendations
For Oracle Database versions 8i, 9i, and 10g, consider restricting access to the SYS user and limiting the execution of arbitrary SQL statements until a fix is available.
As a temporary workaround, consider disabling the modification of the AUTH_ALTER_SESSION attribute in the TNS protocol to minimize the risk of exploitation.
Fix
Related identifiers
Affected products
Oracle Database