>
> TITLE:
> Oracle Products Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA21111
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> Unknown, Manipulation of data, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> JD Edwards EnterpriseOne 8.x
> JD Edwards OneWorld 8.x
> Oracle Application Server 10g
> Oracle Collaboration Suite 10.x
> Oracle Database 10g
> Oracle Database 8.x
> Oracle E-Business Suite 11i
> Oracle Enterprise Manager 10.x
> Oracle PeopleSoft Enterprise Tools 8.x
> Oracle Pharmaceutical Applications 4.x
> Oracle Workflow 11.x
> Oracle9i Application Server
> Oracle9i Collaboration Suite
> Oracle9i Database Enterprise Edition
> Oracle9i Database Standard Edition
> Oracle9i Developer Suite
>
> DESCRIPTION:
> Multiple vulnerabilities have been reported in various Oracle
> products. Some have an unknown impact and others can be exploited to
> conduct SQL injection attacks or compromise a vulnerable system.
>
> Details have been disclosed for the following vulnerabilities:
>
> 1) Input passed to the "IMPORT_CHANGE_SET", "IMPORT_CHANGE_TABLE",
> "IMPORT_CHANGE_COLUMN", "IMPORT_SUBSCRIBER",
> "IMPORT_SUBSCRIBED_TABLE", "IMPORT_SUBSCRIBED_COLUMN",
> "VALIDATE_IMPORT", "VALIDATE_CHANGE_SET", "VALIDATE_CHANGE_TABLE",
> and "VALIDATE_SUBSCRIPTION" procedures provided by the
> "sys.dbms_cdc_impdp" package is not properly sanitised before being
> used in an SQL query. This can be exploited to manipulate SQL queries
> by injecting arbitrary SQL code.
>
> Successful exploitation requires permissions to create a PL/SQL
> function.
>
> 2) Input passed to the "MAIN" procedure provided by the
> "sys.kupw$worker" package is not properly sanitised before being used
> in an SQL query. This can be exploited to manipulate SQL queries by
> injecting arbitrary SQL code.
>
> Successful exploitation requires permissions to create a PL/SQL
> function.
>
> 3) Input passed to the "sys.dbms_stats" package is not properly
> sanitised before being used in an SQL query. This can be exploited to
> manipulate SQL queries by injecting arbitrary SQL code.
>
> Successful exploitation requires permissions to create a PL/SQL
> function.
>
> 4) Input passed to the "sys.dbms_upgrade" package is not properly
> sanitised before being used in an SQL query. This can be exploited to
> manipulate SQL queries by injecting arbitrary SQL code.
>
> Successful exploitation requires permissions to create a PL/SQL
> function.
>
> SOLUTION:
> Apply patches (see vendor advisory).
>
> PROVIDED AND/OR DISCOVERED BY:
> 1-4) Alexander Kornbrust, Red Database Security.
>
> The vendor also credits the following people:
> * Esteban Martinez Fayo, Application Security Inc.
> * Dr. Christian Kleinewaechter and Swen Thuemmler, infinity3.
> * David Litchfield, Next Generation Security Software.
>
> ORIGINAL ADVISORY:
> Oracle:
>
> h-updates/cpujul2006.html
>
> Red Database Security:
>
>
> tion_dbms_cdc_impdp.html
>
> tion_kupw$worker.html
>
> tion_dbms_stats.html
>
> tion_dbms_upgrade.html
>
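
An exposure check for the precondition the advisory states for items 1-4 (permission to create a PL/SQL function), added here as an example and not taken from Secunia, Oracle or Red Database Security. It assumes an Oracle session that can read the standard DBA_* dictionary views; the column aliases are illustrative.

```sql
-- Part 1: accounts (and PUBLIC) that can create PL/SQL functions,
-- either through a direct grant or through a chain of roles.
WITH priv_holders AS (
    SELECT grantee, privilege
      FROM dba_sys_privs
     WHERE privilege IN ('CREATE PROCEDURE', 'CREATE ANY PROCEDURE')
),
role_tree AS (
    -- Walk role-to-role grants; every row is a possible root, so
    -- CONNECT_BY_ROOT yields the account at the top of each chain.
    SELECT CONNECT_BY_ROOT grantee AS account, granted_role
      FROM dba_role_privs
   CONNECT BY PRIOR granted_role = grantee
),
principals AS (
    SELECT username AS name FROM dba_users
    UNION ALL
    SELECT 'PUBLIC' FROM dual
)
SELECT a.name AS account, p.privilege, 'direct grant' AS granted_via
  FROM principals a
  JOIN priv_holders p ON p.grantee = a.name
UNION
SELECT a.name, p.privilege, 'role ' || r.granted_role
  FROM principals a
  JOIN role_tree r    ON r.account = a.name
  JOIN priv_holders p ON p.grantee = r.granted_role
 ORDER BY 1, 2;

-- Part 2: explicit EXECUTE grants on the four SYS packages named in
-- the advisory. Dictionary names are stored in upper case.
SELECT grantee,
       table_name AS package_name,
       grantable
  FROM dba_tab_privs
 WHERE owner = 'SYS'
   AND privilege = 'EXECUTE'
   AND table_name IN ('DBMS_CDC_IMPDP', 'KUPW$WORKER',
                      'DBMS_STATS', 'DBMS_UPGRADE')
 ORDER BY table_name, grantee;
```

An account that appears in both result sets, or in Part 1 while a package in Part 2 is granted to PUBLIC, meets the stated precondition and is a candidate for privilege review until the vendor patches are applied.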