[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20090114003223.CC444118040@smtp.hushmail.com>
Date: Tue, 13 Jan 2009 16:32:23 -0800
From: sexyazngrl69@....hush.com
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
davidl@...software.com
Subject: Re: Trigger Abuse of MDSYS.SDO_TOPO_DROP_FTBL in
Oracle 10g R1 and R2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
afaik, no one cares about oracle.
retarded blind scavengers make careers selling fallen, rotten,
previously low hanging fruit.
<3 2 n3td3v
> Tue, 13 Jan 2009 15:52:02 -0800 David Litchfield
<davidl@...software.com> wrote:
>NGSSoftware Insight Security Research Advisory
>
>Name: Trigger abuse of MDSYS.SDO_TOPO_DROP_FTBL
>Systems Affected: Oracle 10g R1 and R2 (10.1.0.5 and 10.2.0.2)
>Severity: High
>Vendor URL: http://www.oracle.com/
>Author: David Litchfield [ davidl@...software.com ]
>Reported: 23rd July 2008
>Date of Public Advisory: 13th January 2009
>Advisory number: #NISR13012009
>CVE: CVE-2008-3979
>
>Overview
>********
>Oracle has just released a fix for a flaw that, when exploited,
>allows a low
>privileged authenticated database user to gain MDSYS privileges.
>This can be
>abused by an attacker to perform actions as the MDSYS user.
>
>Details
>*******
>MDSYS.SDO_TOPO_DROP_FTBL is one of the triggers that forms part of
>the
>Oracle Spatial Application. It is vulnerable to SQL injection.
>When a user
>drops a table the trigger fires. The name of the table is embedded
>in a
>dynamic SQL query which is then executed by the trigger. Note that
>the
>Oracle advisory states that the attacker requires the DROP TABLE
>and CREATE
>PROCEDURE privileges. This is not the case and only CREATE SESSION
>
>privileges are required.
>
>Fix Information
>***************
>Oracle was alerted to this flaw on the 23rd July 2008. A patch has
>now been
>made available:
>
>http://www.oracle.com/technology/deploy/security/critical-patch-
>updates/cpujan2009.html
>
>NGSSQuirreL for Oracle, an advanced vulnerability assessment
>scanner
>designed specifically for Oracle, can be used to accurately
>determine
>whether your servers are vulnerable to these flaws. More
>information about
>NGSSQuirreL for Oracle can be found here:
>
>http://www.ngssoftware.com/products/database-security/ngs-squirrel-
>oraclephp
>
>About NGSSoftware
>*****************
>NGSSoftware, an NCC Group Company, develops vulnerability
>assessment and
>compliancy tools for database servers including Oracle, Microsoft
>SQL
>Server, DB2, Sybase and Informix. Headquartered in the United
>Kingdom NGS
>has offices in London, St. Andrews (UK), Brisbane, and Perth
>(Australia) and
>Seattle in the United States; NGS provide services to some of the
>largest
>and most demanding organizations around the globe.
>
>http://www.ngssoftware.com/
>Telephone +44 208 401 0070
>Fax +44 208 401 0076
>
>--
>E-MAIL DISCLAIMER
>
>The information contained in this email and any subsequent
>correspondence is private, is solely for the intended recipient(s)
>and
>may contain confidential or privileged information. For those
>other than
>the intended recipient(s), any disclosure, copying, distribution,
>or any
>other action taken, or omitted to be taken, in reliance on such
>information is prohibited and may be unlawful. If you are not the
>intended recipient and have received this message in error, please
>inform the sender and delete this mail and any attachments.
>
>The views expressed in this email do not necessarily reflect NGS
>policy.
>NGS accepts no liability or responsibility for any onward
>transmission
>or use of emails and attachments having left the NGS domain.
>
>NGS and NGSSoftware are trading names of Next Generation Security
>Software Ltd. Registered office address: Manchester Technology
>Centre,
>Oxford Road, Manchester, M1 7EF with Company Number 04225835 and
>VAT Number 783096402
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify
wpwEAQMCAAYFAkltMpcACgkQynWwk3/AtyOsbgP+LVLiKWqeGvuu/kFnm7sQXic8l5k1
9RYQ902ygOS4Nt67IkUgFgZBeTsN25d0mkH0hZDHulhTJOPNFGxwLuRVbXBF89JwjCO7
faHEhS73TGVmm3TnUTm1ZGEg1dto36LomtrR/H1YMmMnY41RCoK1ycj8QeEFfOFiuK/v
AKEkLFw=
=Y0II
-----END PGP SIGNATURE-----
--
Dreaming of a career in Medical Administration? Click here to make your dream career a reality.
http://tagline.hushmail.com/fc/PnY6qxukq5RffaxISSWG6OsKAmNS1Ot26fn4GDJCCtUikCP599Qla/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists