CVE-2006-5339

Name of the Vulnerable Software and Affected Versions Oracle Database versions 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4

Description The issue is related to the Oracle Spatial component, specifically the mdsys.sdo geom, and has remote authenticated attack vectors. It is reported to be related to "length checking" in the RELATE function before MD2.RELATE is called. The impact of this issue is unknown.

Recommendations For Oracle Database version 8.1.7.4, update to a version that includes the fix for this issue. For Oracle Database version 9.0.1.5, update to a version that includes the fix for this issue. For Oracle Database version 9.2.0.7, update to a version that includes the fix for this issue. For Oracle Database version 10.1.0.4, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the mdsys.sdo geom component until a patch is available.