lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 8 Nov 2005 16:54:01 -0000
From: "NGSSoftware Insight Security Research" <nisr@...tgenss.com>
To: <bugtraq@...urityfocus.com>, <ntbugtraq@...tserv.ntbugtraq.com>
Subject: Oracle October 2005 CPU Problems


Examining the Oracle October 2005 Critical Patch Update in depth, 
NGSResearchers discovered a number of problems which have all since been 
reported to Oracle. As well as new vulnerabilities and problems with the 
patches for old vulnerabilities, the October 2005 CPU fails to install the 
patched Oracle Text (CTXSYS) components on Oracle 8.1.7.4 on all operating 
systems. This is due to a problem with the install sql script: rather than 
executing

SELECT DBMS_REGISTRY.SCRIPT('CONTEXT','@...cpu.sql')....

the install script executes

SELECT DBMS_REGISTRY.SCRIPT('CTX','@...cpu.sql')....

So, even if you have Oracle Text installed the patch installer will not 
install the updated PL/SQL packages. The fall out from this means that your 
servers may still be vulnerable to the Oracle Text flaws; these allow a low 
privileged user to gain DBA privileges. Further, if the RDBMS is part of a 
web application that uses Oracle Portal (OAS, IAS, Oracle HTTP Server) then 
an attacker may exploit this from the Internet without a userID and 
password.

To check if you are still vulnerable execute the following query

select owner,package_name,object_name from all_arguments where owner = 
'CTXSYS' and package_name = 'DRILOAD' and object_name = 'VALIDATE_STMT';

If no row is returned then you are not vulnerable but if a row is returned 
then you are vulnerable. In this case you should manually apply the 
ctxcpu.sql script.

NGSSQuirreL for Oracle, the leading vulnerability assessment scanner for 
Oracle RDBMSes, checks for these problems as well as the other many issues 
that still afflict Oracle. More information about NGSSQuirreL can be found 
here - http://www.ngssoftware.com/squirrelora.htm

Cheers,
The NGSResearch Team

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ