SQL Injection in package DBMS_AQADM_SYS

Name:             SQL Injection in package DBMS_AQADM_SYS [CVE-2009-0977]
Systems Affected: Oracle 9.2.0.8 - 10.2.0.3
Severity:         Medium Risk
Category:         SQL Injection
Vendor URL:       http://www.oracle.com/
Author:           Franz Hüll (fh at red-database-security.com)
CVE:              CVE-2009-0977
Advisory:         14 April 2009 (V 1.00)

Details

The package DBMS_AQADM_SYS contains a SQL injection vulnerability. The procedure GRANT_TYPE_ACCESS concatenates its USER_NAME parameter, without validation, into dynamic GRANT statements that are run via EXECUTE_STMT:

    PROCEDURE GRANT_TYPE_ACCESS( USER_NAME IN VARCHAR2) IS
      GRANT_TXT VARCHAR2(100);
      GRANT_OPT VARCHAR2(20) := ' with grant option';
    BEGIN
      EXECUTE_STMT( 'grant execute on sys.aq$_agent to '|| USER_NAME||GRANT_OPT);
      EXECUTE_STMT('grant execute on sys.aq$_dequeue_history to '|| USER_NAME||GRANT_OPT);
      EXECUTE_STMT('grant execute on sys.aq$_subscribers to '|| USER_NAME||GRANT_OPT);
      EXECUTE_STMT('grant execute on sys.aq$_recipients to '|| USER_NAME||GRANT_OPT);
      EXECUTE_STMT('grant execute on sys.aq$_history to '|| USER_NAME||GRANT_OPT);
      EXECUTE_STMT('grant execute on sys.aq$_dequeue_history to '|| USER_NAME||GRANT_OPT);
      [...]

Patch Information

Apply the patches for Oracle CPU April 2009.

History

14-apr-2009  Oracle published CPU April 2009 [CVE-2009-0977]
14-apr-2009  Advisory published
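The safe way to build a grant statement from a caller-supplied identifier is to validate and quote it with DBMS_ASSERT before it ever reaches the dynamic SQL string. The following is an added example of that pattern, not Oracle's code and not the patched procedure; it is a standalone hardened variant of the helper shown above. It assumes the caller passes a single bare user or role name and that the grant list is the one visible in the vulnerable fragment.

```plsql
-- Added example (not Oracle's code): a hardened variant of the grant helper.
-- Assumption: the caller passes one plain user or role name as user_name.
CREATE OR REPLACE PROCEDURE grant_type_access_safe (user_name IN VARCHAR2)
AUTHID CURRENT_USER
IS
  -- DBMS_ASSERT.ENQUOTE_NAME checks that the input is a single valid SQL
  -- identifier and returns it wrapped in double quotes. Anything else
  -- (embedded quotes, extra tokens, trailing statements) raises
  -- ORA-44003 "invalid SQL name" instead of being spliced into the GRANT.
  v_grantee CONSTANT VARCHAR2(130) := DBMS_ASSERT.ENQUOTE_NAME(user_name);

  -- The object list is fixed in code, so only the grantee comes from outside.
  TYPE t_names IS TABLE OF VARCHAR2(60);
  v_types CONSTANT t_names := t_names(
    'sys.aq$_agent',
    'sys.aq$_dequeue_history',
    'sys.aq$_subscribers',
    'sys.aq$_recipients',
    'sys.aq$_history');
BEGIN
  FOR i IN 1 .. v_types.COUNT LOOP
    -- The grantee is already validated and quoted; no further concatenation
    -- of caller-controlled text happens here.
    EXECUTE IMMEDIATE 'grant execute on ' || v_types(i)
                   || ' to ' || v_grantee || ' with grant option';
  END LOOP;
END grant_type_access_safe;
/
```

Two design notes. ENQUOTE_NAME upper-cases an unquoted input by default, so a name that is meant to be case-sensitive must be passed already double-quoted. It also verifies only the syntax of the identifier, not that the user or role exists; if the procedure should only ever grant to existing schemas, DBMS_ASSERT.SCHEMA_NAME can be applied first, and the resulting ORA-01917 or ORA-44001 errors are worth alerting on as a sign that the procedure is being called with unexpected input.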