CVE-2006-5333

Name of the Vulnerable Software and Affected Versions Oracle Database version 10.2.0.2

Description The issue concerns an unspecified vulnerability in the Oracle Spatial component, which has remote authenticated attack vectors. It is related to "create session" privileges. Reports from reliable third parties suggest that this issue may be related to SQL injection in the SDO DROP USER BEFORE package. This potentially occurs when using a Trigger for a DROP USER statement in an anonymous PL/SQL block.

Recommendations For Oracle Database version 10.2.0.2, consider restricting access to the SDO DROP USER BEFORE package and avoid using Triggers for DROP USER statements in anonymous PL/SQL blocks until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.