|Main Archive Page > Month Archives > full-disclosure-uk archives|
-----BEGIN PGP SIGNED MESSAGE-----
afaik, no one cares about oracle.
retarded blind scavengers make careers selling fallen, rotten, previously low hanging fruit.
<3 2 n3td3v
> Tue, 13 Jan 2009 15:52:02 -0800 David Litchfield
>NGSSoftware Insight Security Research Advisory
>Name: Trigger abuse of MDSYS.SDO_TOPO_DROP_FTBL
>Systems Affected: Oracle 10g R1 and R2 (10.1.0.5 and 10.2.0.2)
>Vendor URL: http://www.oracle.com/
>Author: David Litchfield [ firstname.lastname@example.org ]
>Reported: 23rd July 2008
>Date of Public Advisory: 13th January 2009
>Advisory number: #NISR13012009
>Oracle has just released a fix for a flaw that, when exploited,
>allows a low
>privileged authenticated database user to gain MDSYS privileges.
>This can be
>abused by an attacker to perform actions as the MDSYS user.
>MDSYS.SDO_TOPO_DROP_FTBL is one of the triggers that forms part of
>Oracle Spatial Application. It is vulnerable to SQL injection.
>When a user
>drops a table the trigger fires. The name of the table is embedded
>dynamic SQL query which is then executed by the trigger. Note that
>Oracle advisory states that the attacker requires the DROP TABLE
>PROCEDURE privileges. This is not the case and only CREATE SESSION
>privileges are required.
>Oracle was alerted to this flaw on the 23rd July 2008. A patch has
>NGSSQuirreL for Oracle, an advanced vulnerability assessment
>designed specifically for Oracle, can be used to accurately
>whether your servers are vulnerable to these flaws. More
>NGSSQuirreL for Oracle can be found here:
>NGSSoftware, an NCC Group Company, develops vulnerability
>compliancy tools for database servers including Oracle, Microsoft
>Server, DB2, Sybase and Informix. Headquartered in the United
>has offices in London, St. Andrews (UK), Brisbane, and Perth
>Seattle in the United States; NGS provide services to some of the
>and most demanding organizations around the globe.
>Telephone +44 208 401 0070
>Fax +44 208 401 0076
>The information contained in this email and any subsequent
>correspondence is private, is solely for the intended recipient(s)
>may contain confidential or privileged information. For those
>the intended recipient(s), any disclosure, copying, distribution,
>other action taken, or omitted to be taken, in reliance on such
>information is prohibited and may be unlawful. If you are not the
>intended recipient and have received this message in error, please
>inform the sender and delete this mail and any attachments.
>The views expressed in this email do not necessarily reflect NGS
>NGS accepts no liability or responsibility for any onward
>or use of emails and attachments having left the NGS domain.
>NGS and NGSSoftware are trading names of Next Generation Security
>Software Ltd. Registered office address: Manchester Technology
>Oxford Road, Manchester, M1 7EF with Company Number 04225835 and
>VAT Number 783096402
>Full-Disclosure - We believe in it.
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify
-----END PGP SIGNATURE----- -- Dreaming of a career in Medical Administration? Click here to make your dream career a reality. http://tagline.hushmail.com/fc/PnY6qxukq5RffaxISSWG6OsKAmNS1Ot26fn4GDJCCtUikCP599Qla/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/