TITLE:
Oracle Products PL/SQL Gateway Security Bypass Vulnerability

SECUNIA ADVISORY ID:
SA18621

VERIFY ADVISORY:
http://secunia.com/advisories/18621/

CRITICAL:
Highly critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
Oracle9i Database Standard Edition
http://secunia.com/product/358/
Oracle9i Database Enterprise Edition
http://secunia.com/product/359/
Oracle9i Application Server
http://secunia.com/product/443/
Oracle Application Server 10g
http://secunia.com/product/3190/
Oracle Database 8.x
http://secunia.com/product/360/
Oracle HTTP Server 8.x
http://secunia.com/product/2596/
Oracle HTTP Server 9.x
http://secunia.com/product/2597/

DESCRIPTION:
David Litchfield has reported a vulnerability in various Oracle products, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused by an error in the Oracle PL/SQL Gateway component during the validation of certain HTTP requests. This can be exploited to bypass the PLSQLExclusion list and gain access to excluded packages and procedures via specially crafted HTTP requests.

Successful exploitation allows an attacker to gain DBA access to the database server through the web server.

The vulnerability has been reported in the PL/SQL Gateway component included in the Oracle Application Server and the Oracle HTTP Server.

Note: The affected component may also be included in other Oracle products.

SOLUTION:
Filter malicious characters and character sequences in a proxy or firewall with URL filtering capabilities.

PROVIDED AND/OR DISCOVERED BY:
David Litchfield

ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041742.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

----------------------------------------------------------------------
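The SOLUTION section above recommends filtering at a URL-aware proxy. The following is an added illustration (not from the advisory, Secunia or Oracle) of the point a practitioner would want such a filter to get right: the request must be canonicalized (percent-decoded until stable, control and whitespace characters removed, case folded) before the procedure name is compared with the exclusion list, otherwise a naive string match on the raw path is trivially circumvented. The exclusion patterns and the `/pls/<DAD>/<package.procedure>` URL layout are assumptions modelled on the default mod_plsql configuration, and the sample requests are constructed.

```python
import fnmatch
import re
from urllib.parse import unquote

# Assumed exclusion patterns, modelled on the mod_plsql PlsqlExclusionList
# defaults; the advisory itself does not quote the list.
EXCLUSION_LIST = ["sys.*", "dbms_*", "utl_*", "owa_util*", "owa*", "htp*", "htf*"]

def canonicalize(path):
    """Percent-decode until stable (bounded), drop ASCII control characters
    and whitespace, and lowercase, so encoding cannot hide a procedure name."""
    decoded = path
    for _ in range(3):                      # bound the decode loop
        prev, decoded = decoded, unquote(decoded)
        if decoded == prev:
            break
    decoded = re.sub(r"[\x00-\x20\x7f]", "", decoded)
    return decoded.lower()

def procedure_name(path):
    """Return the <package.procedure> part of /pls/<DAD>/<package.procedure>,
    or None when the path is not a PL/SQL gateway request."""
    parts = [p for p in path.split("?", 1)[0].split("/") if p]
    if len(parts) < 3 or parts[0] != "pls":
        return None
    return parts[2]

def excluded(proc):
    """Glob-match a canonical procedure name against the exclusion list."""
    return any(fnmatch.fnmatchcase(proc, pat) for pat in EXCLUSION_LIST)

def naive_filter(raw_path):
    """Weak check: matches the raw, un-normalized path (for contrast only)."""
    proc = procedure_name(raw_path)
    return "BLOCK" if proc and excluded(proc) else "ALLOW"

def filter_request(raw_path):
    """Hardened check: canonicalize first, then match the exclusion list."""
    proc = procedure_name(canonicalize(raw_path))
    if proc is None:
        return "ALLOW"                      # not a gateway URL; other rules apply
    return "BLOCK" if excluded(proc) else "ALLOW"

# Constructed sample requests: an ordinary application call, an excluded
# package written plainly, and the same package with encoding applied.
SAMPLE_REQUESTS = [
    "/pls/portal/myapp.home?p=1",
    "/pls/portal/sys.owa_util.cellsprint",
    "/pls/portal/%53YS.owa_util.cellsprint",
    "/pls/portal/%2520dbms_output.put_line",
    "/index.html",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(f"{req:45} naive={naive_filter(req):5} hardened={filter_request(req)}")
```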