Home page logo
/

bugtraq logo Bugtraq mailing list archives

[DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection
From: DSecRG <research () dsecrg com>
Date: Mon, 26 Oct 2009 16:25:23 +0300



Digital Security Research Group [DSecRG] Advisory       #DSECRG-09-010
http://dsecrg.com/pages/vul/show.php?id=110

Application:                    Oracle Database 10G 
Versions Affected:              Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4
Vendor URL:                     http://oracle.com
Bugs:                           PL/SQL Injections
Exploits:                       YES
Reported:                       29.01.2008
Vendor response:                31.01.2008 
CVE:                            CVE-2009-1991 
SVSS2:                          3.6               
Date of Public Advisory:        26.10.2009
Authors:                        Alexandr Polyakov
                                Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)

Description
***********

Oracle Database 10G and 9g vulnerable to PL/SQL Injection.
PL/SQL Injection found in procedure ctxsys.drvxtabc.create_tables

Details
*******

PL/SQL Injection found in procedure ctxsys.drvxtabc.create_tables 

ctxsys.drvxtabc.create_tables  has 3 parameters 

 idx_owner - varchar2
 idx_name  - varchar2
 idxid - number


idx_owner and idx_name are vulnerable to SQL Injection


*******
Example:


exec ctxsys.drvxtabc.create_tables('SH"."SH2KERR" (X NUMBER)--','yyyyyyyyy',2);


Fix Information
***************


Information was published in CPU October 2009.
All customers can download CPU patches following instructions from: 

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html 


Credits
*******

Oracle give a credits for Alexander Polyakov from Digital Security Company in CPU October 2009.

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html 

Current advisory:

http://dsecrg.com/pages/vul/show.php?id=110



About
*****
Digital Security is one of the leading IT security companies in CEMEA, providing information security consulting, audit 
and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and 
PCI DSS standards. Digital Security Research Group focuses on application and database security problems with 
vulnerability reports, advisories and whitepapers posted regularly on our website.


Contact:        research [at] dsecrg [dot] com
                http://www.dsecrg.com




  By Date           By Thread  

Current thread:
  • [DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection DSecRG (Oct 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]