TUCoPS :: HP Unsorted S :: va3179.htm

SQL Injection in package DBMS_AQIN
SQL Injection in package DBMS_AQIN
SQL Injection in package DBMS_AQIN

Name	            SQL Injection in package DBMS_AQIN [CVE-2009-0992]
Systems Affected	Oracle -
Severity	        High Risk
Category	        SQL Injection
Vendor URL	 http://www.oracle.com/ 
Author	            Alexander Kornbrust (ak at red-database-security.com)
CVE	                CVE-2009-0992
Advisory	        14 April 2009 (V 1.00)

The package DBMS_AQIN contains a SQL injection vulnerability in the procedure DEQ_EXEJOB. 
Additional information is available in the following advisory.


Patch Information:
Apply the patches for Oracle CPU April 2009.

Our Oracle database scanner Repscan was updated with the information from the Oracle
CPU April 2009 and can identify vulnerable databases. 
More Information about Repscan can be found here:

14-apr-2009 Oracle published CPU April 2009 [CVE-]
14-apr-2009 Advisory published

About Red-Database-Security:
Red-Database-Security is the leading company for Oracle security. Within the last 
6 years we reported several hundred vulnerabilities to Oracle.

(c) 2009 by Red-Database-Security GmbH

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH