PT-2006-2858 · Oracle · Oracle Database Server

Published: 2006-04-20 · Updated: 2018-10-18 · CVE-2006-1874

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Oracle Database Server versions 8.1.7.4, 9.0.1.5, and 9.2.0.6

Description

The issue concerns an unspecified vulnerability in the Oracle Spatial component, potentially allowing SQL injection attacks. This could enable remote attackers to bypass security restrictions, execute arbitrary SQL commands, and gain access to sensitive data. The vulnerability is related to the MDSYS.PRVT_IDX component and involves the EXECUTE_INSERT, EXECUTE_DELETE, EXECUTE_UPDATE, and CRT_DUMMY functions.

Recommendations

For Oracle Database Server versions 8.1.7.4, 9.0.1.5, and 9.2.0.6, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the MDSYS.PRVT_IDX component and its related functions, such as EXECUTE_INSERT, EXECUTE_DELETE, EXECUTE_UPDATE, and CRT_DUMMY, until a patch is available.

Related Identifiers

CVE-2006-1874

Affected Products

Oracle Database
Oracle Database Server