PT-2006-4563 · Oracle · Oracle Database

Alexander Kornbrust · Published 2006-07-19 · Updated 2018-10-18 · CVE-2006-3698

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Oracle Database version 10.1.0.5

Description

The issue involves multiple unspecified vulnerabilities in the Oracle Database, with unknown impact and attack vectors. It is related to SQL injection vulnerabilities in certain procedures, including IMPORT_CHANGE_SET, IMPORT_CHANGE_TABLE, IMPORT_CHANGE_COLUMN, IMPORT_SUBSCRIBER, IMPORT_SUBSCRIBED_TABLE, IMPORT_SUBSCRIBED_COLUMN, VALIDATE_IMPORT, VALIDATE_CHANGE_SET, VALIDATE_CHANGE_TABLE, and VALIDATE_SUBSCRIPTION in the SYS.DBMS_CDC_IMPDP component, as well as SQL injection in the MAIN procedure for SYS.KUPW$WORKER.

Recommendations

For Oracle Database version 10.1.0.5, consider disabling the SYS.DBMS_CDC_IMPDP component and restricting access to the SYS.KUPW$WORKER procedure until a patch is available. Avoid using the vulnerable procedures, including IMPORT_CHANGE_SET, IMPORT_CHANGE_TABLE, IMPORT_CHANGE_COLUMN, IMPORT_SUBSCRIBER, IMPORT_SUBSCRIBED_TABLE, IMPORT_SUBSCRIBED_COLUMN, VALIDATE_IMPORT, VALIDATE_CHANGE_SET, VALIDATE_CHANGE_TABLE, and VALIDATE_SUBSCRIPTION, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2006-3698

Affected Products

Oracle Database