Next Page >>
Oracle DB
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The DBA role in Oracle Database is not the same as SYSDBA privilege,
which is granted to SYS. There are many things that a user granted the
DBA role can't do - the most important being the ability to alter SYS
owned objects. This is true on databases where
O7_DICTIONARY_ACCESSIBILITY=FALSE (default value).
This vulnerability allows any user with execute privileges on the
Sent to mailing list without permission :
Oracle 0xDEADF00D
Alexander Kornbrust, CEO of Red Database Security GmbH and Oracle Database security expert noticed that Oracle recently released their Oracle Database 11g for Linux with a new password hashing algorithm. They do so, to improve security by introducing case-sensitive passwords in the year 2007! Alex asked us to figure out what kind of cryptographic algorithms and methods are actually used, because he'd like to update his Oracle Security Scanner.
We did, regardless of the expected nightmares, Fear and Laughing in Oracle.
Since Oracle is shipped as closed software and releases will be provided as binary/executable program only, we analyzed the Linux ELF binary executable files, because a windows version of Oracle 11g seems to be not released yet.
Apr 15, 2008
I. BACKGROUND
Oracle Application Express (Oracle APEX), formerly called HTML DB, is a
rapid web application development tool for the Oracle database. For
more information about Oracle Application Express, please visit
following URL.
http://www.oracle.com/technology/products/database/application_express/index.html
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database multiple SQL Injection vulnerabilities in Workspace
Manager
November 12, 2008
Risk Level:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
*Oracle Database Multiple SQL Injection vulnerabilities in LTADM*
November 12, 2008
Risk Level:
Medium
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 15, 2008
I. BACKGROUND
Oracle Database Server is a family of database products that range from
personal databases to enterprise solutions. Further information is
available at the following URL.
http://www.oracle.com/database/index.html
http://labs.idefense.com/intelligence/vulnerabilities/
Jan 12, 2009
I. BACKGROUND
Oracle Database Server is a family of database products that range from
personal databases to enterprise solutions. Further information is
available at the following URL:
http://www.oracle.com/database/index.html
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-010
http://dsecrg.com/pages/vul/show.php?id=110
Application: Oracle Database 10G
Versions Affected: Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4
Vendor URL: http://oracle.com
Bugs: PL/SQL Injections
Exploits: YES
Reported: 29.01.2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database SQL Injection in SYS.DBMS_CDC_UTILITY.LOCK_CHANGE_SET (DB02)
April 28, 2008
Risk Level:
Medium
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database SQL Injection in
SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE
November 12, 2008
Risk Level:
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 15, 2008
I. BACKGROUND
Oracle Database Server is a family of database products that range from
personal databases to enterprise solutions. Further information is
available at the following URL.
http://www.oracle.com/database/index.html
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
SQL Injection in Oracle Database (DBMS_DEFER_SYS.DELETE_TRAN)
August 4, 2008
Risk Level:
Medium
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database SQL Injection in
SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE
November 12, 2008
Risk Level:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database SQL Injection in SYS.DBMS_CDC_UTILITY.LOCK_CHANGE_SET (DB02)
April 28, 2008
Risk Level:
Medium
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
January 29, 2009
Risk Level:
High
Affected versions:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database Buffer Overflow in SYS.DBMS_AQJMS_INTERNAL (DB15)
April 28, 2008
Risk Level:
Medium
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME
(DB11)
April 28, 2008
Risk Level:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database Buffer Overflow in SYS.DBMS_AQJMS_INTERNAL (DB15)
April 28, 2008
Risk Level:
Medium
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Alert
Oracle Database Buffer overflow vulnerability in function
MDSYS.SDO_CS.TRANSFORM
October 29, 2007
Risk Level:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Alert
Oracle Database Buffer overflow vulnerability in procedure
DBMS_AQADM_SYS.DBLINK_INFO
October 29, 2007
Risk Level:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Buffer Overflow in Resource Manager of Oracle Database - Plan name parameter
August 27, 2009
Risk Level:
Medium
http://labs.idefense.com/intelligence/vulnerabilities/
Nov 07, 2007
I. BACKGROUND
Oracle Database Server is a family of database products that range from
personal databases to enterprise solutions. Further information is
available at the following URL.
http://www.oracle.com/database/index.html
: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
: Risk Level: High
: Oracle Database Server provides the SYS.OLAPIMPL_T package. This package
: contains the procedure ODCITABLESTART which is vulnerable to buffer
: overflow attacks. Impact: By default SYS.OLAPIMPL_T has EXECUTE
: permission to PUBLIC so any Oracle database user can exploit this
: vulnerability. Exploitation of this vulnerability allows an attacker to
Apologies for the very late reply, but I had a question regarding your
advisory. I am CC'ing Oracle's security contact in hopes they can also
reply with clarification.
: Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11)
: Details:
: Oracle Database Server provides the SYS.KUPF$FILE_INT package. This
: package contains the procedure GET_FULL_FILENAME which is vulnerable to
: buffer overflow attacks.
BugTraq, the Japan 2008 briefings audio is now on-line, plus a webinar from
Dave Litchfield is about to happen:
NEW FREE WEBCAST - Oracle Database Forensics
Black Hat's webcast series continues with another powerful presentation from
a popular Black Hat speaker. This month's presenter is David Litchfield of
NGS software, speaking on Oracle database forensics, and he will be
releasing a new tool called orablock which he describes this way:
Hi! Since I
need to audit the clients program used to access to my Oracle Database
(feature not supported by Oracle audit), I created the following trigger to do
it. I Hope it will be helpful for
somebody else…
McKesson Horizon Clinical Infrastructure, also known as McKesson HCI, utilizes hardcoded passwords
for Oracle database access. HCI serves as the patient record datastore for the majority of McKesson applications. There are two components to an HCI implementation: the Infrastructure (or Master) server
and the database back-end. The HCI Infrastructure Server has an Oracle client installed that initializes
OCI/sqlplus connections to the Oracle database back-end. A file on each HCI Infrastructure server
contains the database account usernames and their respective passwords, /usr/local/bin/password. Content from /usr/local/bin/password is shown:
# cat /usr/local/bin/password
AMBU:hacschema
QUEUE_USER:qmanager
SYS:alLp0ver2
The main problem with the Oracle CVSS base scores is more with CVSS than
Oracle. Under the CVSSv2 definition of
Confidentiality/Integrity/Availability impact, if the entire database is
compromised but not the "entire system" then the metric value will be
Partial rather than Complete. Since the large majority of Oracle database
vulnerabilities require a valid database session unless exploited via a
blended threat (i.e., such as SQL injection which is completely ignored by
Oracle in any analysis), the maximum realistic score for an Oracle database
vulnerability is 6.5 since CIA impact will only ever be Partial except in
rare occasions. Oracle does include a "Partial+" in the advisories to
This vulnerability was discovered and researched by Esteban Martnez
Fay of Application Security Inc.
Details:
Oracle Application Server installs the PL/SQL package WWEXP_API_ENGINE
owned by PORTAL in the backend Oracle database server. The 'ACTION'
procedure of this package has an instance of SQL Injection that allows
attackers to create anonymous PL/SQL programs and execute any kind of
PL/SQL statements. The statements are executed with the privileges of
the PORTAL user, that has DBA privileges. The vulnerability can be
exploited using a web application and without authentication.
Hi,
I write a presentation for a friend about how to bypass Oracle
Database Vault. It may be interesting for someone else...
You can download the presentation "Oracle Database Vault: The world is not
pink and I'm root" at:
http://inguma.sourceforge.net/docs/oracle_database_vault_en.pdf
Next Page>>
|
