CVE-2008-3979

Name of the Vulnerable Software and Affected Versions Oracle Database versions 10.1.0.5 through 10.2.0.2

Description The issue affects confidentiality and integrity, potentially allowing remote authenticated users to gain privileges via unknown vectors. Researchers claim it may be a SQL injection vulnerability, specifically allowing access to MDSYS privileges through the MDSYS.SDO TOPO DROP FTBL trigger.

Recommendations For Oracle Database versions 10.1.0.5 through 10.2.0.2, consider restricting access to the MDSYS.SDO TOPO DROP FTBL trigger as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.