Next Page >>
Oracle database
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The DBA role in Oracle Database is not the same as SYSDBA privilege,
which is granted to SYS. There are many things that a user granted the
DBA role can't do - the most important being the ability to alter SYS
owned objects. This is true on databases where
O7_DICTIONARY_ACCESSIBILITY=FALSE (default value).
This vulnerability allows any user with execute privileges on the
Sent to mailing list without permission :
Oracle 0xDEADF00D
Alexander Kornbrust, CEO of Red Database Security GmbH and Oracle Database security expert noticed that Oracle recently released their Oracle Database 11g for Linux with a new password hashing algorithm. They do so, to improve security by introducing case-sensitive passwords in the year 2007! Alex asked us to figure out what kind of cryptographic algorithms and methods are actually used, because he'd like to update his Oracle Security Scanner.
We did, regardless of the expected nightmares, Fear and Laughing in Oracle.
Since Oracle is shipped as closed software and releases will be provided as binary/executable program only, we analyzed the Linux ELF binary executable files, because a windows version of Oracle 11g seems to be not released yet.
Apr 15, 2008
I. BACKGROUND
Oracle Application Express (Oracle APEX), formerly called HTML DB, is a
rapid web application development tool for the Oracle database. For
more information about Oracle Application Express, please visit
following URL.
http://www.oracle.com/technology/products/database/application_express/index.html
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database multiple SQL Injection vulnerabilities in Workspace
Manager
November 12, 2008
Risk Level:
http://labs.idefense.com/intelligence/vulnerabilities/
Jan 12, 2009
I. BACKGROUND
Oracle Database Server is a family of database products that range from
personal databases to enterprise solutions. Further information is
available at the following URL:
http://www.oracle.com/database/index.html
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 15, 2008
I. BACKGROUND
Oracle Database Server is a family of database products that range from
personal databases to enterprise solutions. Further information is
available at the following URL.
http://www.oracle.com/database/index.html
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
*Oracle Database Multiple SQL Injection vulnerabilities in LTADM*
November 12, 2008
Risk Level:
Medium
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database SQL Injection in
SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE
November 12, 2008
Risk Level:
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 15, 2008
I. BACKGROUND
Oracle Database Server is a family of database products that range from
personal databases to enterprise solutions. Further information is
available at the following URL.
http://www.oracle.com/database/index.html
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
January 29, 2009
Risk Level:
High
Affected versions:
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-010
http://dsecrg.com/pages/vul/show.php?id=110
Application: Oracle Database 10G
Versions Affected: Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4
Vendor URL: http://oracle.com
Bugs: PL/SQL Injections
Exploits: YES
Reported: 29.01.2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database SQL Injection in SYS.DBMS_CDC_UTILITY.LOCK_CHANGE_SET (DB02)
April 28, 2008
Risk Level:
Medium
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database Buffer Overflow in SYS.DBMS_AQJMS_INTERNAL (DB15)
April 28, 2008
Risk Level:
Medium
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database SQL Injection in SYS.DBMS_CDC_UTILITY.LOCK_CHANGE_SET (DB02)
April 28, 2008
Risk Level:
Medium
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Alert
Oracle Database Buffer overflow vulnerability in procedure
DBMS_AQADM_SYS.DBLINK_INFO
October 29, 2007
Risk Level:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database Buffer Overflow in SYS.DBMS_AQJMS_INTERNAL (DB15)
April 28, 2008
Risk Level:
Medium
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Alert
Oracle Database Buffer overflow vulnerability in function
MDSYS.SDO_CS.TRANSFORM
October 29, 2007
Risk Level:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
SQL Injection in Oracle Database (DBMS_DEFER_SYS.DELETE_TRAN)
August 4, 2008
Risk Level:
Medium
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database SQL Injection in
SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE
November 12, 2008
Risk Level:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME
(DB11)
April 28, 2008
Risk Level:
III. AFFECTED PRODUCTS
---------------------------
Oracle Database 10g Release 2 version 10.2.0.3 and prior
Oracle Database 10g Release 1 version 10.1.0.5 and prior
Oracle Application Server 10gR2 version 10.1.2.3.0 and prior
Oracle Identity Management 10g version 10.1.4.3 and prior
Oracle Enterprise Manager Grid Control
Risk Level:
Medium
Affected versions:
Oracle Database Server version 10gR2, 11gR1 and 11gR2
Remote exploitable:
Yes
Apologies for the very late reply, but I had a question regarding your
advisory. I am CC'ing Oracle's security contact in hopes they can also
reply with clarification.
: Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11)
: Details:
: Oracle Database Server provides the SYS.KUPF$FILE_INT package. This
: package contains the procedure GET_FULL_FILENAME which is vulnerable to
: buffer overflow attacks.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Buffer Overflow in Resource Manager of Oracle Database - Plan name parameter
August 27, 2009
Risk Level:
Medium
: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
: Risk Level: High
: Oracle Database Server provides the SYS.OLAPIMPL_T package. This package
: contains the procedure ODCITABLESTART which is vulnerable to buffer
: overflow attacks. Impact: By default SYS.OLAPIMPL_T has EXECUTE
: permission to PUBLIC so any Oracle database user can exploit this
: vulnerability. Exploitation of this vulnerability allows an attacker to
http://labs.idefense.com/intelligence/vulnerabilities/
Nov 07, 2007
I. BACKGROUND
Oracle Database Server is a family of database products that range from
personal databases to enterprise solutions. Further information is
available at the following URL.
http://www.oracle.com/database/index.html
Risk Level:
High
Affected versions:
Oracle Database Server version 10gR1, 10gR2, 11gR1 and 11gR2
Remote exploitable:
No
Credits:
Risk Level:
Medium
Affected versions:
Oracle Database Server version 10gR1, 10gR2 and 11gR1
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
Risk Level:
High
Affected versions:
Oracle Database Server version 10gR1, 10gR2, 11gR1 and 11gR2 (on Windows platform)
Remote exploitable:
Yes
The main problem with the Oracle CVSS base scores is more with CVSS than
Oracle. Under the CVSSv2 definition of
Confidentiality/Integrity/Availability impact, if the entire database is
compromised but not the "entire system" then the metric value will be
Partial rather than Complete. Since the large majority of Oracle database
vulnerabilities require a valid database session unless exploited via a
blended threat (i.e., such as SQL injection which is completely ignored by
Oracle in any analysis), the maximum realistic score for an Oracle database
vulnerability is 6.5 since CIA impact will only ever be Partial except in
rare occasions. Oracle does include a "Partial+" in the advisories to
Next Page>>
|
