Open Source and information security mailing list archives
From: xbud at g0thead.com (xbud)
Subject: [SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server

Actually this sounds like someone stole Litchfield's research - but what do I
know. Just seems like too much coincidence since his last talk dealt with
procedure based vulns.

On Thursday 02 September 2004 08:32 am, Mark Shirley wrote:
> Now that's what i've been waiting for :)
>
> On Wed, 01 Sep 2004 19:20:25 -0400, SHATTER <shatter@...secinc.com> wrote:
> > AppSecInc Advisory: Multiple vulnerabilities in Oracle Database Server
> >
> > Date:
> > August 31, 2004
> >
> > Detailed Information Provided Online At:
> > http://www.appsecinc.com/resources/alerts/oracle/2004-0001/
> >
> > Credit:
> > These vulnerabilities were researched and discovered by Cesar Cerrudo
> > and Esteban Martinez Fayo of Application Security, Inc.
> > (www.appsecinc.com)
> >
> > Risk Level:
> > High
> >
> > Abstract:
> > Multiple buffer overflow and denial of service (DoS) vulnerabilities
> > exist in the Oracle Database Server which allow database users to take
> > complete control over the database and optionally cause denial of
> > service.
> >
> > The official advisory from Oracle Corporation can be obtained from:
> > http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
> >
> > Details:
> >
> > http://www.appsecinc.com/resources/alerts/oracle/2004-0001/
> >
> > #1 - Buffer overflow in public procedure DROP_SITE_INSTANTIATION of
> > DBMS_REPCAT_INSTANTIATE package
> >
> > #2 - Buffer overflow in public function INSTANTIATE_OFFLINE of
> > DBMS_REPCAT_INSTANTIATE package
> >
> > #3 - Buffer overflow in public function INSTANTIATE_ONLINE of
> > DBMS_REPCAT_INSTANTIATE package
> >
> > #4 - Buffer overflow on "gname" parameter on procedures of Replication
> > Management API Packages
> >
> > #5 - Buffer overflow on "sname" and "oname" parameters on procedures of
> > DBMS_REPCAT package
> >
> > #6 - Buffer overflow on "type" parameter on procedures of DBMS_REPCAT
> > package
> >
> > #7 - Buffer overflow on "gowner" parameter on procedures of the
> > DBMS_REPCAT package
> >
> > #8 - Buffer overflow on "operation" parameter on procedures of
> > DBMS_REPCAT package
> >
> > #9 - Buffer overflow in procedure CREATE_MVIEW_REPGROUP of DBMS_REPCAT
> > package
> >
> > #10 - Buffer overflow in procedure GENERATE_REPLICATION_SUPPORT of
> > DBMS_REPCAT package
> >
> > #11 - Buffer overflow in procedures REGISTER_USER_REPGROUP and
> > UNREGISTER_USER_REPGROUP of DBMS_REPCAT_ADMIN package
> >
> > #12 - Buffer overflow in functions INSTANTIATE_OFFLINE,
> > INSTANTIATE_ONLINE and procedure DROP_SITE_INSTANTIATION of
> > DBMS_REPCAT_RGT package
> >
> > #13 - Buffer overflow on TEMPFILE parameter
> >
> > #14 - Buffer overflow on LOGFILE parameter
> >
> > #15 - Buffer overflow on CONTROLFILE parameter
> >
> > #16 - Buffer overflow on FILE parameter
> >
> > #17 - Buffer overflow in Interval Conversion Functions
> >
> > #18 - Buffer overflow in String Conversion Function
> >
> > #19 - Buffer overflow in CTX_OUTPUT Package Function
> >
> > #21 - Buffer overflow on DATAFILE parameter
> >
> > #22 - Buffer overflow in DBMS_SYSTEM package function
> >
> > #24 - Buffer overflow on "fname" parameter of the DBMS_REPCAT* packages
> >
> > #25 - Buffer overflow on procedures of the Replication Management API
> > packages
> >
> > #26 - Heap based buffer overflow Vulnerability in Oracle 10g iSQL*PLus
> > Service
> >
> > #27 - Buffer overflow in procedure AQ_TABLE_DEFN_UPDATE of
> > DBMS_AQ_IMPORT_INTERNAL package
> >
> > #28 - Buffer overflow in procedure VERIFY_QUEUE_TYPES_GET_NRP of
> > DBMS_AQADM package
> >
> > #29 - Buffer overflow in procedure VERIFY_QUEUE_TYPES_NO_QUEUE of
> > DBMS_AQADM package
> >
> > #30 - Buffer overflow in procedure VERIFY_QUEUE_TYPES of DBMS_AQADM_SYS
> > package
> >
> > #31 - Buffer overflow in procedure PARALLEL_PUSH_RECOVERY of
> > DBMS_DEFER_INTERNAL_SYS package
> >
> > #32 - Buffer overflow in procedure ENABLE_PROPAGATION_TO_DBLINK of
> > DBMS_DEFER_REPCAT package
> >
> > #33 - Buffer overflow in procedure DISABLE_RECEIVER_TRACE of
> > DBMS_INTERNAL_REPCAT package
> >
> > #34 - Buffer overflow in procedure ENABLE_RECEIVER_TRACE of
> > DBMS_INTERNAL_REPCAT package
> >
> > #35 - Buffer overflow in procedure VALIDATE of DBMS_INTERNAL_REPCAT
> > package
> >
> > #36 - Buffer overflow in procedure DIFFERENCES of DBMS_RECTIFIER_DIFF
> > package
> >
> > #37 - Buffer overflow in procedure ADD_COLUMN of DBMS_REPCAT_RQ package
> >
> > #39 - Buffer overflow in procedure IS_MASTER of DBMS_REPCAT_UTL package
> >
> > #40 - Buffer overflow in procedure PUSHDEFERREDTXNS of LTUTIL package
> >
> > #41 - Buffer overflow in public procedure SDO_CODE_SIZE of MD2 package
> >
> > #42 - Buffer overflow in public procedure VALIDATE_GEOM of MD2 package
> >
> > #43 - Buffer overflow in public procedure SDO_CODE_SIZE of SDO_ADMIN
> > package
> >
> > #44 - Buffer overflow in procedure SUBINDEXPOPULATE of DRIDDLR package
> >
> > To determine if you are vulnerable, please download AppDetective from:
> >
> > http://www.appsecinc.com/products/appdetective/oracle/
> >
> > Comments:
> >
> > Exploitation of these vulnerabilities will allow an attacker to
> > completely compromise the OS and the database if Oracle is running on
> > Windows platform, because Oracle must run under the local System account
> > or under an administrative account. If Oracle is running on *nix then
> > only the database would be compromised because Oracle runs mostly under
> > oracle user which has restricted permissions.
> >
> > Workaround:
> >
> > -Check packages permissions and remove public permissions. Set minimal
> > permissions that fit your needs.
> > -Restrict users to execute PL/SQL statements directly over the server.
> > -Periodically audit user permissions on all database objects.
> > -Lock users that aren't used.
> > -Change default passwords.
> > -Keep Oracle up to date with patches.
> >
> > Vendor Contact:
> > Vendor was contacted and has released fixes.
> >
> > Credit:
> >
> > Esteban Martinez Fayo of Application Security, Inc. (www.appsecinc.com)
> > discovered all of the following issues:
> > #1,#2,#3,#4,#5,#6,#7,#8,#9,#10,#11,#12,#24,#25,#26,#27,#28,#29,#30,#31,#3
> >2,#33,#34,#35,#36,#37,#39,#40,#41,#42,#43,and #44
> >
> > Cesar Cerrudo of Application Security, Inc. (www.appsecinc.com)
> > discovered all of the following issues:
> > #13,#14,#15,#16,#17,#18,#19,#21,#22
> >
> > --
> > Thank you,
> > shatter@...secinc.com
> > Application Security, Inc.
> > phone: 212-947-8787
> > fax: 212-947-8788
> >
> > ----------------------------------------------------------------------
> > Application Security, Inc.
> > www.appsecinc.com
> >
> > AppSecInc is the leading provider of database security solutions for
> > the enterprise. AppSecInc products proactively secure enterprise
> > applications at more than 200 organizations around the world by
> > discovering, assessing, and protecting the database against rapidly
> > changing security threats. By securing data at its source, we enable
> > organizations to more confidently extend their business with
> > customers, partners and suppliers. Our security experts, combined
> > with our strong support team, deliver up-to-date application
> > safeguards that minimize risk and eliminate its impact on business.
> > ----------------------------------------------------------------------
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
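
Added example, not part of the original thread or of the AppSecInc advisory: one way to start on the quoted workaround items "check packages permissions and remove public permissions" and "lock users that aren't used" from the Oracle data dictionary. It assumes a session with access to the DBA_TAB_PRIVS and DBA_USERS views; the package names are copied from the advisory's list, and the generated REVOKE text is output to review against application dependencies, not statements that have been run.

```sql
-- Added example: audit EXECUTE grants on the packages named in the advisory.
-- Assumes SELECT access to the DBA_* dictionary views.

-- 1. Who can execute the named packages? PUBLIC grants sort first and get a
--    candidate REVOKE statement in the last column (for review only).
SELECT p.grantee,
       p.owner,
       p.table_name AS package_name,
       p.grantor,
       CASE
         WHEN p.grantee = 'PUBLIC' THEN
           'REVOKE EXECUTE ON "' || p.owner || '"."' || p.table_name ||
           '" FROM PUBLIC;'
       END AS candidate_revoke
FROM   dba_tab_privs p
WHERE  p.privilege = 'EXECUTE'
AND   (p.table_name LIKE 'DBMS\_REPCAT%' ESCAPE '\'   -- "DBMS_REPCAT* packages"
   OR  p.table_name IN (
         'DBMS_SYSTEM', 'CTX_OUTPUT',
         'DBMS_AQ_IMPORT_INTERNAL', 'DBMS_AQADM', 'DBMS_AQADM_SYS',
         'DBMS_DEFER_INTERNAL_SYS', 'DBMS_DEFER_REPCAT',
         'DBMS_INTERNAL_REPCAT', 'DBMS_RECTIFIER_DIFF',
         'LTUTIL', 'MD2', 'SDO_ADMIN', 'DRIDDLR'))
ORDER  BY CASE WHEN p.grantee = 'PUBLIC' THEN 0 ELSE 1 END,
          p.owner, p.table_name, p.grantee;

-- 2. Accounts that are still open, oldest first, as the starting list for
--    "lock users that aren't used" and "change default passwords".
SELECT u.username,
       u.account_status,
       u.created,
       u.profile
FROM   dba_users u
WHERE  u.account_status = 'OPEN'
ORDER  BY u.created;
```

Re-running query 1 after any change shows whether a PUBLIC grant is still present; a grant that reappears after patching or a component reinstall is worth tracking as part of the periodic permission audit the advisory recommends.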