CVE-2006-1876

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 9.2.0.7 through 10.1.0.4

Description The issue concerns an unspecified vulnerability in the Oracle Spatial component, potentially related to SQL injection in the GEN RID RANGE BY AREA and GEN RID RANGE functions within the MDSYS.SDO PRIDX package. Details about the vulnerability are limited due to unavailability from Oracle.

Recommendations For Oracle Database Server versions 9.2.0.7 through 10.1.0.4, consider restricting access to the MDSYS.SDO PRIDX package or temporarily disabling the GEN RID RANGE BY AREA and GEN RID RANGE functions as a mitigation measure until more information is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.