PT-2006-6055 · Oracle · Oracle Database

Alexander Kornbrust +1 · Published 2006-10-18 · Updated 2018-10-17 · CVE-2006-5335

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Oracle Database versions 10.1.0.5 through 10.2.0.2

Description

The issue involves multiple unspecified vulnerabilities with remote authenticated attack vectors. These vulnerabilities are related to the Change Data Capture (CDC) and Oracle Spatial components. Specifically, they involve sys.dbms_cdc_impdp, sys.dbms_cdc_isubscribe, and mdsys.sdo_geor_int. Reports from reliable third parties suggest that these issues may be related to SQL injection in certain functions.

Recommendations

For Oracle Database versions 10.1.0.5 through 10.2.0.2, consider restricting access to the vulnerable components, such as the Change Data Capture (CDC) and Oracle Spatial components, until a fix is available. As a temporary workaround, consider disabling the use of the BUMP_SEQUENCE, CREATE_SUBSCRIPTION, EXTEND_WINDOW_LIST, SUBSCRIBE, and COMPRESSDATA functions to minimize the risk of exploitation.


Related Identifiers

CVE-2006-5335

Affected Products

Oracle Database