Oracle Database Server CREATE_SCN_CHANGE_SET Standard Procedure SQL Injection Vulnerability
BID:13234
Info
Oracle Database Server CREATE_SCN_CHANGE_SET Standard Procedure SQL Injection Vulnerability
| Bugtraq ID: | 13234 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 12 2005 12:00AM |
| Updated: | Apr 12 2005 12:00AM |
| Credit: | Discovery is credited to Esteban Martínez Fayó of Argeniss. |
| Vulnerable: |
Oracle Oracle10g Standard Edition 10.1 .0.4 Oracle Oracle10g Standard Edition 10.1 .0.3.1 Oracle Oracle10g Standard Edition 10.1 .0.3 Oracle Oracle10g Standard Edition 10.1 .0.2 Oracle Oracle10g Personal Edition 10.1 .0.4 Oracle Oracle10g Personal Edition 10.1 .0.3.1 Oracle Oracle10g Personal Edition 10.1 .0.3 Oracle Oracle10g Personal Edition 10.1 .0.2 Oracle Oracle10g Enterprise Edition 10.1 .0.4 Oracle Oracle10g Enterprise Edition 10.1 .0.3.1 Oracle Oracle10g Enterprise Edition 10.1 .0.3 Oracle Oracle10g Enterprise Edition 10.1 .0.2 |
| Not Vulnerable: | |
Discussion
Oracle Database Server CREATE_SCN_CHANGE_SET Standard Procedure SQL Injection Vulnerability
Oracle Database Server is prone to SQL injection in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET standard procedure. This may permit an attacker who can influence the invocation parameters of the stored procedure to compromise the database.
This issue was originally disclosed in the "Oracle Critical Patch Update - April 2005" advisory. BID 13139 Oracle Multiple Vulnerabilities describes the issues covered in the Oracle advisory. There is insufficient information at this point in time to associate this vulnerability with an identifier from the Oracle
advisory.
Oracle Database Server is prone to SQL injection in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET standard procedure. This may permit an attacker who can influence the invocation parameters of the stored procedure to compromise the database.
This issue was originally disclosed in the "Oracle Critical Patch Update - April 2005" advisory. BID 13139 Oracle Multiple Vulnerabilities describes the issues covered in the Oracle advisory. There is insufficient information at this point in time to associate this vulnerability with an identifier from the Oracle
advisory.
Exploit / POC
Oracle Database Server CREATE_SCN_CHANGE_SET Standard Procedure SQL Injection Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
Oracle Database Server CREATE_SCN_CHANGE_SET Standard Procedure SQL Injection Vulnerability
Solution:
Oracle has released a Critical Patch Update (Critical Patch Update - April 2005) to address these issues. Information regarding obtaining and applying an appropriate patch can be found in the Oracle Critical Patch Update in references.
Pre-Installation Notes for Oracle Database Server can be found at the following location:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=301045.1
Solution:
Oracle has released a Critical Patch Update (Critical Patch Update - April 2005) to address these issues. Information regarding obtaining and applying an appropriate patch can be found in the Oracle Critical Patch Update in references.
Pre-Installation Notes for Oracle Database Server can be found at the following location:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=301045.1
References
Oracle Database Server CREATE_SCN_CHANGE_SET Standard Procedure SQL Injection Vulnerability
References:
References:
- Critical Patch Update - April 2005 (Oracle)
- OraALTER_MANUALLOG_CHANGE_SOURCEWorkaround.sql (Argeniss)
- Oracle Homepage (Oracle)
- [AppSecInc Team SHATTER Security Advisory] SQL Injection in CREATE_SCN_CHANGE_SE (Team SHATTER