Oracle Database Server Vulnerability - CVE-2006-5340

Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4 9.0.1.5 9.2.0.8 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs aka Vuln DB13 and (2) Vuln DB17. NOTE: as of 20061023 Oracle has not disputed reports from reliable third parties that DB13 is related to bypassing input validation for SQL injection related to convert_to_lrs_layer and dbms_assert and DB17 is related to SQL injection in the trigger in the SDO_DROP_USER package.