Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Highly critical

Oracle Database Multiple Vulnerabilities

-

Release Date:  2009-10-21    Last Update:  2009-10-26    Views:  11,677

Secunia Advisory SA37027

Where:

From remote

Impact:

Manipulation of data, Exposure of sensitive information, DoS, System access

Solution Status:

Vendor Patch

CVE Reference(s):

Description


Some vulnerabilities have been reported in Oracle Database, which can exploited to disclose sensitive information, cause a DoS (Denial of Service), manipulate certain data, conduct SQL injection attacks, or compromise a vulnerable system.

1) An error in the Core RDBMS component when running on Windows can be exploited to execute arbitrary code.

2) Two errors in the Network Authentication component can be exploited to execute arbitrary code.

3) An error in the Data Mining component can be exploited by authenticated users to disclose or manipulate certain data.

Successful exploitation of this vulnerability requires execute privileges on SYS.DMP_SYS.

4) An error in the Oracle Spatial component can be exploited by authenticated users to disclose or manipulate certain data.

Successful exploitation of this vulnerability requires execute privileges on MDSYS.PRVT_CMT_CBK.

5) An error in the PL/SQL component can be exploited by authenticated users to disclose or manipulate certain data.

Successful exploitation of this vulnerability requires "Create Procedure" privileges.

6) An error in the Application Express component can be exploited by authenticated users to disclose or manipulate certain data.

Successful exploitation of this vulnerability requires execute privileges on FLOWS_030000.WWV_EXECUTE_IMMEDIATE.

7) An error in the Workspace Manager component can be exploited by authenticated users to disclose or manipulate certain data.

Successful exploitation of this vulnerability requires execute privileges on SYS.LTRIC (WMSYS.LTRIC).

8) An error in the Workspace Manager component can be exploited by authenticated users to disclose or manipulate certain data.

Successful exploitation of this vulnerability requires "Create Session" privileges.

9) An error in the Net Foundation Layer component on Windows can be exploited to disclose or manipulate certain data.

10) Two errors in the Authentication component can be exploited to disclose sensitive information.

11) An error in the Advanced Queuing component can be exploited by authenticated users to disclose or manipulate certain data.

Successful exploitation of this vulnerability requires execute privileges on SYS.DBMS_AQ_INV.

12) Input passed via the "idx_owner" and "idx_name" parameters to "ctxsys.drvxtabc.create_tables()" is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of this vulnerability requires execute privileges on CTXSYS.DRVXTABC.

13) An error in the Data Pump component can be exploited by authenticated users to manipulate certain data.

Successful exploitation of this vulnerability requires "Create Session" privileges.

14) An error in the Auditing component can be exploited by authenticated users to manipulate certain data.

Successful exploitation of this vulnerability requires execute privileges on DBMS_SYS_SQL, DBMS_SQL.

The vulnerabilities are reported in the following products and versions:
* Oracle Database 11g, version 11.1.0.7
* Oracle Database 10g Release 2, versions 10.2.0.3 and 10.2.0.4
* Oracle Database 10g, version 10.1.0.5
* Oracle Database 9i Release 2, versions 9.2.0.8 and 9.2.0.8DV


Solution:
Apply patches (please see the vendor's advisory for details).

Provided and/or discovered by:
12) Alexandr Polyakov, Digital Security Research Group

For the remaining vulnerabilities fixed in the October Critical Patch Update, the vendor credits:
* Yaniv Azaria of Imperva, Inc.
* Cesar Cerrudo of Argeniss
* Deniz Cevik of Intellect
* Joxean Koret of iSIGHT Partners Global Vulnerability Partnership
* Alexander Kornbrust of Red Database Security
* David Litchfield of NGS Software
* Ryan Permeh of McAfee Avert labs
* Guy Pilosof of Sentrigo
* Aviv Pode of Sentrigo
* Pawel Romanek of Asseco Business Solutions
* Amichai Shulman of Imperva, Inc.
* Rajat Swarup
* Laszlo Toth
* Luka Treiber of ACROS Security
* Wei Wang of McAfee Avert labs
* Dennis Yurichev

Original Advisory:
Oracle:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html

Digital Security Research Group:
http://dsecrg.com/pages/vul/show.php?id=110

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Oracle Database Multiple Vulnerabilities

No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability