PT-2006-6056 · Oracle · Oracle Database

Alexander Kornbrust +1 · Published 2006-10-18 · Updated 2018-10-17 · CVE-2006-5336

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Oracle Database versions 9.2.0.7 through 10.1.0.5

Description

The issue concerns multiple unspecified vulnerabilities in the Change Data Capture (CDC) component. These vulnerabilities have unknown impact and are related to remote authenticated attack vectors. Specifically, they involve the sys.dbms_cdc_ipublish and sys.dbms_cdc_isubscribe components. Reports suggest that one vulnerability may be related to SQL injection in CREATE_CHANGE_TABLE and CHANGE_TABLE_TRIGGER, while another may be related to PL/SQL injection in the PREPARE_UNBOUNDED_VIEW procedure.

Recommendations

For Oracle Database versions 9.2.0.7 through 10.1.0.5, consider restricting access to the sys.dbms_cdc_ipublish and sys.dbms_cdc_isubscribe components until a patch is available. As a temporary workaround, avoid using the CREATE_CHANGE_TABLE and CHANGE_TABLE_TRIGGER procedures, as well as the PREPARE_UNBOUNDED_VIEW procedure, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2006-5336

Affected Products

Oracle Database