exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

oracleFailed.txt

oracleFailed.txt
Posted Jul 8, 2005
Authored by David Litchfield

The Oracle critical patch update released in April 2005 has failed to fix all of the vulnerabilities it claimed to have negated.

tags | advisory, vulnerability
SHA-256 | 383a6999ae47ac35ce7d8021d5dbbcac0f545486211bebcfb856c3f21a79fe73

oracleFailed.txt

Change Mirror Download
Hey all,
Whilst analyzing Oracle's Critical Patch Update for April 2005 I noticed
some failures in it, that meant certain issues the patch was supposed to fix
were actually left unfixed.

One set of vulnerabilities "fixed" by the April CPU is a group of SQL
injection bugs in DBMS_SUBSCRIBE and DBMS_ISUBSCRIBE discovered by AppSec
Inc. On digging deeper you find that the actual source of the problem lies
within the underlying java class files. The April CPU fails to properly load
the newer patched classes which means that these problems can still be
exploited. To resolve this problem, a DBA can use the loadjava command line
utility or execute the loadjava procedure on the DBMS_JAVA package. The jar
file to be loaded is $ORACLE_HOME/rdbms/jlib/CDC.jar. All platforms are
affected by this problem.

On Windows, both 32bit and 64bit, a second problem exists; a vulnerability
exists whereby an attacker can run arbitrary SQL by abusing the
CTXSYS.DRILOAD package to gain DBA privleges. This was discovered by
multiple persons and was initially fixed in August 2004. However, the April
Critical Patch Update copies the updated sql script file to the wrong
directory and if previous patches (August 2004 or January 2005) have not
applied then you will still be vulnerable to this attack even if the April
CPU has been applied.

These problems were reported to Oracle in early June and today they have
released updated information about these problems. See the Metalink
(http://metalink.oracle.com) website for more details.

<shameless plug>
I'll be speaking about patching and Oracle as part of my presentation at
Blackhat in Las Vegas and the end of this month if anyone's interested
</shameless plug>

<shameful plug>
NGSSQuirreL for Oracle (http://www.ngssoftware.com/squirrelora.htm) checks
for the problems I've just discussed
</shameful plug>

Cheers,
David Litchfield
NGSSoftware Ltd
http://www.ngssoftware.com

Login or Register to add favorites

File Archive:

August 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    15 Files
  • 2
    Aug 2nd
    22 Files
  • 3
    Aug 3rd
    0 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    11 Files
  • 7
    Aug 7th
    43 Files
  • 8
    Aug 8th
    42 Files
  • 9
    Aug 9th
    36 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    27 Files
  • 13
    Aug 13th
    18 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close