|
|
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-010
http://dsecrg.com/pages/vul/show.php?id=110
Application: Oracle Database 10G
Versions Affected: Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4
Vendor URL: http://oracle.com
Bugs: PL/SQL Injections
Exploits: YES
Reported: 29.01.2008
Vendor response: 31.01.2008
CVE: CVE-2009-1991
SVSS2: 3.6
Date of Public Advisory: 26.10.2009
Authors: Alexandr Polyakov
Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)
Description
***********
Oracle Database 10G and 9g vulnerable to PL/SQL Injection.
PL/SQL Injection found in procedure ctxsys.drvxtabc.create_tables
Details
*******
PL/SQL Injection found in procedure ctxsys.drvxtabc.create_tables
ctxsys.drvxtabc.create_tables has 3 parameters
idx_owner - varchar2
idx_name - varchar2
idxid - number
idx_owner and idx_name are vulnerable to SQL Injection
*******
Example:
exec ctxsys.drvxtabc.create_tables('SH"."SH2KERR" (X NUMBER)--','yyyyyyyyy',2);
Fix Information
***************
Information was published in CPU October 2009.
All customers can download CPU patches following instructions from:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html
Credits
*******
Oracle give a credits for Alexander Polyakov from Digital Security Company in CPU October 2009.
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html
Current advisory:
http://dsecrg.com/pages/vul/show.php?id=110
About
*****
Digital Security is one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.
Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com