PT-2006-3452 · Oracle · Oracle Database Server

David Litchfield

·

Published

2006-05-22

·

Updated

2018-10-18

·

CVE-2006-2505

CVSS v2.0

3.6

Low

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Oracle Database Server 10g Release 2

Description

The issue allows local users to execute arbitrary SQL queries by referencing a malicious package in the TYPE_NAME argument of the GET_DOMAIN_INDEX_TABLES or GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package.

Recommendations

For Oracle Database Server 10g Release 2, consider restricting access to the DBMS_EXPORT_EXTENSION package to minimize the risk of exploitation. As a temporary workaround, avoid using the TYPE_NAME argument in the affected functions until a fix is available.

Exploit

Fix

Related identifiers

CVE-2006-2505

Affected products

Oracle Database Server