Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22686
HistoryOct 28, 2009 - 12:00 a.m.

[DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection

2009-10-2800:00:00
vulners.com
25

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-010
http://dsecrg.com/pages/vul/show.php?id=110

Application: Oracle Database 10G
Versions Affected: Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4
Vendor URL: http://oracle.com
Bugs: PL/SQL Injections
Exploits: YES
Reported: 29.01.2008
Vendor response: 31.01.2008
CVE: CVE-2009-1991
SVSS2: 3.6
Date of Public Advisory: 26.10.2009
Authors: Alexandr Polyakov
Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)

Description


Oracle Database 10G and 9g vulnerable to PL/SQL Injection.
PL/SQL Injection found in procedure ctxsys.drvxtabc.create_tables

Details


PL/SQL Injection found in procedure ctxsys.drvxtabc.create_tables

ctxsys.drvxtabc.create_tables has 3 parameters

idx_owner - varchar2
idx_name - varchar2
idxid - number

idx_owner and idx_name are vulnerable to SQL Injection


Example:

exec ctxsys.drvxtabc.create_tables('SH"."SH2KERR" (X NUMBER)–','yyyyyyyyy',2);

Fix Information


Information was published in CPU October 2009.
All customers can download CPU patches following instructions from:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html

Credits


Oracle give a credits for Alexander Polyakov from Digital Security Company in CPU October 2009.

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html

Current advisory:

http://dsecrg.com/pages/vul/show.php?id=110

About


Digital Security is one of the leading IT security companies in CEMEA, providing information security consulting, audit and
penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS
standards. Digital Security Research Group focuses on application and database security problems with vulnerability reports,
advisories and whitepapers posted regularly on our website.

Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com

Related for SECURITYVULNS:DOC:22686