CVE-2006-5342

Name of the Vulnerable Software and Affected Versions Oracle Database versions 9.0.1.5, 9.2.0.6, and 10.1.0.3

Description The issue concerns an unspecified vulnerability in the Oracle Spatial component, which may be related to SQL injection in the EXTENT OF function. It has unknown impact and remote authenticated attack vectors, particularly related to mdsys.sdo tune. There are reports from reliable third parties suggesting a potential link to SQL injection, although Oracle has not confirmed this as of the specified date.

Recommendations For Oracle Database version 9.0.1.5, consider restricting access to the mdsys.sdo tune component until a fix is available. For Oracle Database version 9.2.0.6, avoid using the EXTENT OF function in the Oracle Spatial component to minimize potential risks. For Oracle Database version 10.1.0.3, as a temporary workaround, consider disabling the mdsys.sdo tune component to prevent potential exploitation.