---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package. http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Oracle Products Multiple Vulnerabilities SECUNIA ADVISORY ID: SA21111 VERIFY ADVISORY: http://secunia.com/advisories/21111/ CRITICAL: Highly critical IMPACT: Unknown, Manipulation of data, System access WHERE: >From remote SOFTWARE: JD Edwards EnterpriseOne 8.x http://secunia.com/product/5940/ JD Edwards OneWorld 8.x http://secunia.com/product/2948/ Oracle Application Server 10g http://secunia.com/product/3190/ Oracle Collaboration Suite 10.x http://secunia.com/product/2450/ Oracle Database 10g http://secunia.com/product/3387/ Oracle Database 8.x http://secunia.com/product/360/ Oracle E-Business Suite 11i http://secunia.com/product/442/ Oracle Enterprise Manager 10.x http://secunia.com/product/2565/ Oracle PeopleSoft Enterprise Tools 8.x http://secunia.com/product/9411/ Oracle Pharmaceutical Applications 4.x http://secunia.com/product/9410/ Oracle Workflow 11.x http://secunia.com/product/9412/ Oracle9i Application Server http://secunia.com/product/443/ Oracle9i Collaboration Suite http://secunia.com/product/2451/ Oracle9i Database Enterprise Edition http://secunia.com/product/359/ Oracle9i Database Standard Edition http://secunia.com/product/358/ Oracle9i Developer Suite http://secunia.com/product/5411/ DESCRIPTION: Multiple vulnerabilities have been reported in various Oracle products. Some have an unknown impact and others can be exploited to conduct SQL injection attacks or compromise a vulnerable system. Details have been disclosed for the following vulnerabilities: 1) Input passed to the "IMPORT_CHANGE_SET", "IMPORT_CHANGE_TABLE", "IMPORT_CHANGE_COLUMN", "IMPORT_SUBSCRIBER", "IMPORT_SUBSCRIBED_TABLE", "IMPORT_SUBSCRIBED_COLUMN", "VALIDATE_IMPORT", "VALIDATE_CHANGE_SET", "VALIDATE_CHANGE_TABLE", and "VALIDATE_SUBSCRIPTION" procedures provided by the "sys.dbms_cdc_impdp" package is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires permissions to create a PL/SQL function. 2) Input passed to the "MAIN" procedure provided by the "sys.kupw$worker" package is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires permissions to create a PL/SQL function. 3) Input passed to the "sys.dbms_stats" package is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires permissions to create a PL/SQL function. 4) Input passed to the "sys.dbms_upgrade" package is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires permissions to create a PL/SQL function. SOLUTION: Apply patches (see vendor advisory). PROVIDED AND/OR DISCOVERED BY: 1-4) Alexander Kornbrust, Red Database Security. The vendor also credits the following people: * Esteban Martinez Fayo, Application Security Inc. * Dr. Christian Kleinewaechter and Swen Thuemmler, infinity3. * David Litchfield, Next Generation Security Software. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2006.html Red Database Security: http://www.red-database-security.com/advisory/oracle_cpu_jul_2006.html http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_cdc_impdp.html http://www.red-database-security.com/advisory/oracle_sql_injection_kupw$worker.html http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_stats.html http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_upgrade.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------