PT-2006-2850 · Oracle · Oracle Database Server

Alexander Kornbrust · Published 2006-04-20 · Updated 2018-10-18 · CVE-2006-1866

CVSS v2.0: 9.7 High

Vector: AV:N/AC:L/Au:N/C:P/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Oracle Database Server versions 8.1.7.4 through 10.1.0.5

Description

The issue affects the Advanced Replication and Oracle Spatial components. Specifically, it involves an unknown issue in the DBMS_REPUTIL package and SQL injection in the INSERT_CATALOG, UPDATE_CATALOG, and DELETE_CATALOG functions of the SDO_CATALOG package.

Recommendations

For versions 8.1.7.4 through 10.1.0.5, as a temporary workaround, consider disabling the DBMS_REPUTIL package and restricting access to the SDO_CATALOG package until a patch is available. Avoid using the INSERT_CATALOG, UPDATE_CATALOG, and DELETE_CATALOG functions in the SDO_CATALOG package until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.


Related Identifiers

CVE-2006-1866

Affected Products

Oracle Database Server