CVE-2006-5340

Name of the Vulnerable Software and Affected Versions Oracle Database versions 8.1.7.4 through 10.2.0.2

Description The issue is related to multiple unspecified vulnerabilities in the Oracle Spatial component, with remote authenticated attack vectors. It involves bypassing input validation for SQL injection related to convert to lrs layer and dbms assert, as well as SQL injection in the trigger in the SDO DROP USER package.

Recommendations For Oracle Database versions 8.1.7.4 through 10.2.0.2, as a temporary workaround, consider restricting access to the mdsys.sdo lrs component and the SDO DROP USER package to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.