First published: Thu Apr 20 2006(Updated: )
Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and other versions have unknown impact and attack vectors in the (1) Advanced Replication component, as identified by Vuln# DB01, and (2) Oracle Spatial component, as identified by Vuln# DB10. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that DB01 is an unknown issue in the DBMS_REPUTIL package, and DB10 is SQL injection in the INSERT_CATALOG, UPDATE_CATALOG, and DELETE_CATALOG functions of the SDO_CATALOG package.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Database | =8.1.7.4 | |
Oracle Database | =9.0.1.5 | |
Oracle Database | =9.2.0.7 | |
Oracle Database | =10.1.0.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2006-1866 is currently unspecified and requires further investigation to determine its impact.
To fix CVE-2006-1866, it is recommended to apply the latest security patches and updates provided by Oracle for affected database server versions.
CVE-2006-1866 affects Oracle Database Server versions 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 among others.
The vulnerable components identified in CVE-2006-1866 are the Advanced Replication and Oracle Spatial components.
The exact attack vectors for CVE-2006-1866 are unknown, making it difficult to determine if remote exploitation is possible.