Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Oracle :: bx3966.htm

Oracle Database (DBMS_DEFER_SYS.DELETE_TRAN) SQL Injection



Team SHATTER Security Advisory: SQL Injection in Oracle Database (DBMS_DEFER_SYS.DELETE_TRAN)
Team SHATTER Security Advisory: SQL Injection in Oracle Database (DBMS_DEFER_SYS.DELETE_TRAN)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Team SHATTER Security Advisory

SQL Injection in Oracle Database (DBMS_DEFER_SYS.DELETE_TRAN)

August 4, 2008

Risk Level:
Medium

Affected versions:
Oracle Database Server versions 9iR1, 9iR2, 10gR1, 10gR2 and 11gR1

Remote exploitable:
Yes (Authentication to Database Server is needed)

Credits:
This vulnerability was discovered and researched by Esteban Mart=EDnez
Fay=F3 of Application Security Inc.

Details:
The PL/SQL package DBMS_DEFER_SYS owned by SYS has an instance of SQL
Injection in the DELETE_TRAN procedure. A malicious user can call the
vulnerable procedure of this package with specially crafted parameters
and execute SQL statements with the elevated privileges of SYS user.

Impact:
Any Oracle database user with EXECUTE privilege on the package
SYS.DBMS_DEFER_SYS can exploit this vulnerability. By default, users
granted DBA have the required privilege. Exploitation of this
vulnerability allows an attacker to execute SQL commands with SYS
privileges.

Vendor Status:
Vendor was contacted and a patch was released.

Workaround:
Restrict access to the SYS.DBMS_DEFER_SYS package.

Fix:
Apply Oracle Critical Patch Update July 2008 available at Oracle Metalink.

Links:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2592 

Timeline:
Vendor Notification - 9/24/2007
Vendor Response - 9/28/2007
Fix - 7/15/2008
Public Disclosure - 7/23/2008
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAkiXMToACgkQ9EOAcmTuFN3LGQCeK6pvkshjrIqiw8rdmE8tWIdK
O9sAnjeSiwasj2U7SpoPhQVvYKyYvUMI
=X2Bp
-----END PGP SIGNATURE-----


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH