[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] SQL Injection via CTXSYS.DRILOAD in Oracle 8i/9i
- To: <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: [Full-Disclosure] SQL Injection via CTXSYS.DRILOAD in Oracle 8i/9i
- From: "Kornbrust, Alexander" <ak@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 5 Sep 2004 22:38:48 +0200
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><HTML
DIR=ltr><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html;
charset=iso-8859-1"></HEAD><BODY><DIV><FONT face='Arial' color=#000000 size=2>
<DIV><FONT face=Arial color=#000000 size=2><A
href="http://www.red-database-security.com/advisory/advisory_20040903_1.htm";>http://www.red-database-security.com/advisory/advisory_20040903_1.htm</A></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#000000
size=2>###############################################################</FONT></DIV>
<DIV><FONT face=Arial color=#000000 size=2>RDS_20040903_1 -
Red-Database-Security GmbH Research Advisory </FONT></DIV><FONT face=Arial
color=#000000 size=2>
<DIV><BR>Name SQL
Injection via CTXSYS.DRILOAD in Oracle 8i/9i<BR>Systems Affected
Oracle 8i / Oracle9i (all
platforms)<BR>Severity
High
Risk<BR>Category
SQL Injection<BR>Vendor URL
<A
href="http://www.oracle.com";>http://www.oracle.com</A><BR>Author
Alexander Kornbrust (ak at
red-database-security.com)<BR>Date
3 Sep 2004 (V 1.0)<BR>Advisory number
RDS_200400903_1</DIV>
<DIV> </DIV>
<DIV>Description<BR>###########<BR>SQL Injection via CTXSYS.DRILOAD in Oracle
8i/9i.</DIV>
<DIV> </DIV>
<DIV>Details<BR>#######<BR>Any valid database user can become DBA (if CTXSYS is
installed) by executing the <BR>package DRILOAD by submitting a specially
crafted parameter.</DIV>
<DIV>Oracle 10g is NOT affected.</DIV>
<DIV> </DIV>
<DIV><BR>Workarounds<BR>###########<BR>Drop user CTXSYS (if not
needed) <BR>or <BR>revoke public grant from
CTXSYS.DRILOAD.</DIV>
<DIV> </DIV>
<DIV><BR>Patch Information<BR>#################<BR>Please see MetaLink Document
ID 281189.1 for the patch download procedures and for the <BR>Patch
Availability
Matrix for this Oracle Security Alert.</DIV>
<DIV><A
href="http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=281189.1";>http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=281189.1</A></DIV>
<DIV> </DIV>
<DIV>History:<BR>########<BR>5 Januar
2004 Oracle was informed <BR>6
Januar 2004 Bug confirmed<BR>31
August 2004 Oracle published alert 68</DIV>
<DIV> </DIV>
<DIV><BR>About Red-Database-Security
GmbH<BR>#################################<BR>Red-Database-Security GmbH is a
specialist in Oracle Security. </DIV>
<DIV><BR><A
href="http://www.red-database-security.com/";>http://www.red-database-security.com/</A></DIV></FONT></FONT></DIV></BODY></HTML>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html