|Main Archive Page > Month Archives > full-disclosure-uk archives|
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> afaik, no one cares about oracle.
> retarded blind scavengers make careers selling fallen, rotten,
> previously low hanging fruit.
> <3 2 n3td3v
> > Tue, 13 Jan 2009 15:52:02 -0800 David Litchfield
> <firstname.lastname@example.org> wrote:
> >NGSSoftware Insight Security Research Advisory
> >Name: Trigger abuse of MDSYS.SDO_TOPO_DROP_FTBL
> >Systems Affected: Oracle 10g R1 and R2 (10.1.0.5 and 10.2.0.2)
> >Severity: High
> >Vendor URL: http://www.oracle.com/
> >Author: David Litchfield [ email@example.com ]
> >Reported: 23rd July 2008
> >Date of Public Advisory: 13th January 2009
> >Advisory number: #NISR13012009
> >CVE: CVE-2008-3979
> >Oracle has just released a fix for a flaw that, when exploited,
> >allows a low
> >privileged authenticated database user to gain MDSYS privileges.
> >This can be
> >abused by an attacker to perform actions as the MDSYS user.
> >MDSYS.SDO_TOPO_DROP_FTBL is one of the triggers that forms part of
> >Oracle Spatial Application. It is vulnerable to SQL injection.
> >When a user
> >drops a table the trigger fires. The name of the table is embedded
> >in a
> >dynamic SQL query which is then executed by the trigger. Note that
> >Oracle advisory states that the attacker requires the DROP TABLE
> >and CREATE
> >PROCEDURE privileges. This is not the case and only CREATE SESSION
> >privileges are required.
> >Fix Information
> >Oracle was alerted to this flaw on the 23rd July 2008. A patch has
> >now been
> >made available:
> >NGSSQuirreL for Oracle, an advanced vulnerability assessment
> >designed specifically for Oracle, can be used to accurately
> >whether your servers are vulnerable to these flaws. More
> >information about
> >NGSSQuirreL for Oracle can be found here:
> >About NGSSoftware
> >NGSSoftware, an NCC Group Company, develops vulnerability
> >assessment and
> >compliancy tools for database servers including Oracle, Microsoft
> >Server, DB2, Sybase and Informix. Headquartered in the United
> >Kingdom NGS
> >has offices in London, St. Andrews (UK), Brisbane, and Perth
> >(Australia) and
> >Seattle in the United States; NGS provide services to some of the
> >and most demanding organizations around the globe.
> >Telephone +44 208 401 0070
> >Fax +44 208 401 0076
> >E-MAIL DISCLAIMER
> >The information contained in this email and any subsequent
> >correspondence is private, is solely for the intended recipient(s)
> >may contain confidential or privileged information. For those
> >other than
> >the intended recipient(s), any disclosure, copying, distribution,
> >or any
> >other action taken, or omitted to be taken, in reliance on such
> >information is prohibited and may be unlawful. If you are not the
> >intended recipient and have received this message in error, please
> >inform the sender and delete this mail and any attachments.
> >The views expressed in this email do not necessarily reflect NGS
> >NGS accepts no liability or responsibility for any onward
> >or use of emails and attachments having left the NGS domain.
> >NGS and NGSSoftware are trading names of Next Generation Security
> >Software Ltd. Registered office address: Manchester Technology
> >Oxford Road, Manchester, M1 7EF with Company Number 04225835 and
> >VAT Number 783096402
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >Hosted and sponsored by Secunia - http://secunia.com/
> -----BEGIN PGP SIGNATURE-----
> Charset: UTF8
> Version: Hush 3.0
> Note: This signature can be verified at https://www.hushtools.com/verify
> -----END PGP SIGNATURE-----
> Dreaming of a career in Medical Administration? Click here to make your
> dream career a reality.
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/