Digital Security Research Group [DSecRG] Advisory #DSECRG-09-010
http://dsecrg.com/pages/vul/show.php?id=110

Application: Oracle Database 10G
Versions Affected: Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4
Vendor URL: http://oracle.com
Bugs: PL/SQL Injections
Exploits: YES
Reported: 29.01.2008
Vendor response: 31.01.2008
CVE: CVE-2009-1991
SVSS2: 3.6
Date of Public Advisory: 26.10.2009
Authors: Alexandr Polyakov
Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)

Description
***********

Oracle Database 10G and 9g vulnerable to PL/SQL Injection.
PL/SQL Injection found in procedure ctxsys.drvxtabc.create_tables

Details
*******

PL/SQL Injection found in procedure ctxsys.drvxtabc.create_tables

ctxsys.drvxtabc.create_tables has 3 parameters

idx_owner - varchar2
idx_name - varchar2
idxid - number

idx_owner and idx_name are vulnerable to SQL Injection

*******
Example:

exec ctxsys.drvxtabc.create_tables('SH"."SH2KERR" (X NUMBER)--','yyyyyyyyy',2);

Fix Information
***************

Information was published in CPU October 2009.
All customers can download CPU patches following instructions from:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/
cpuoct2009.html

Credits
*******

Oracle give a credits for Alexander Polyakov from Digital Security Company in CPU October 2009.

http://www.oracle.com/technology/deploy/security/critical-patch-updates/
cpuoct2009.html

Current advisory:

http://dsecrg.com/pages/vul/show.php?id=110

About
*****
Digital Security is one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.

Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com

[ reply ]