PT-2008-3348 · Oracle · Oracle Database

Alexander Kornbrust · Published 2008-04-16 · Updated 2018-10-11 · CVE-2008-1816

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Database versions 10.1.0.5 through 10.2.0.3

Description

The issue covers unspecified vulnerabilities in Oracle Database: one in the Oracle Spatial component, related to SDO_UTIL, and one in the Audit component, related to fine grained auditing. Both have remote authenticated attack vectors, meaning an attacker needs valid credentials for the system to exploit them. There are claims that one of the vulnerabilities is a SQL injection, but Oracle has not commented on this.

Recommendations

For Oracle Database versions 10.1.0.5 and 10.2.0.3, update to a version that is not affected by these vulnerabilities. As a temporary workaround, consider restricting access to SDO_UTIL in the Oracle Spatial component and to the fine grained auditing feature in the Audit component until a patch is available.

Fix


Related Identifiers

CVE-2008-1816

Affected Products

Oracle Database