[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection

To: bugtraq@xxxxxxxxxxxxxxxxx, vuln@xxxxxxxxxxx, packet@xxxxxxxxxxxxxxxxxxxxxxx
Subject: [DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection
From: DSecRG <research@xxxxxxxxxx>
Date: Mon, 26 Oct 2009 16:25:23 +0300


Digital Security Research Group [DSecRG] Advisory       #DSECRG-09-010
http://dsecrg.com/pages/vul/show.php?id=110

Application:                    Oracle Database 10G 
Versions Affected:              Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4
Vendor URL:                     http://oracle.com
Bugs:                           PL/SQL Injections
Exploits:                       YES
Reported:                       29.01.2008
Vendor response:                31.01.2008 
CVE:                            CVE-2009-1991 
SVSS2:                          3.6               
Date of Public Advisory:        26.10.2009
Authors:                        Alexandr Polyakov
                                Digital Security Research Group [DSecRG] 
(research [at] dsecrg [dot] com)

Description
***********

Oracle Database 10G and 9g vulnerable to PL/SQL Injection.
PL/SQL Injection found in procedure ctxsys.drvxtabc.create_tables

Details
*******

PL/SQL Injection found in procedure ctxsys.drvxtabc.create_tables 

ctxsys.drvxtabc.create_tables  has 3 parameters 

 idx_owner - varchar2
 idx_name  - varchar2
 idxid - number


idx_owner and idx_name are vulnerable to SQL Injection


*******
Example:


exec ctxsys.drvxtabc.create_tables('SH"."SH2KERR" (X NUMBER)--','yyyyyyyyy',2);


Fix Information
***************


Information was published in CPU October 2009.
All customers can download CPU patches following instructions from: 

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html
 


Credits
*******

Oracle give a credits for Alexander Polyakov from Digital Security Company in 
CPU October 2009.

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html
 

Current advisory:

http://dsecrg.com/pages/vul/show.php?id=110



About
*****
Digital Security is one of the leading IT security companies in CEMEA, 
providing information security consulting, audit and penetration testing 
services, risk analysis and ISMS-related services and certification for ISO/IEC 
27001:2005 and PCI DSS standards. Digital Security Research Group focuses on 
application and database security problems with vulnerability reports, 
advisories and whitepapers posted regularly on our website.


Contact:        research [at] dsecrg [dot] com
                http://www.dsecrg.com

Prev by Date: Re: /proc filesystem allows bypassing directory permissions on Linux
Next by Date: Re: Re: /proc filesystem allows bypassing directory permissions on Linux
Previous by thread: [ GLSA 200910-03 ] Adobe Reader: Multiple vulnerabilities
Next by thread: [SECURITY] [DSA-1920-1] New nginx packages fix denial of service
Index(es):
- Date
- Thread