database server
Introduction
------------
The following advisory explains a vulnerability I found in 2008 in all
versions of Oracle Database server until very recently. The bug is
probably available in any Oracle Database version since 1999 (Oracle 8i)
to the latest one (Oracle 11g) without the CPU-APR-2012. The bug was
reported to Oracle in 2008 so it "only" took them 4 years to fix the
vulnerability since reported.
fingerprint, retrieve DBMS session user and database, enumerate users,
password hashes, privileges, databases, dump entire or user's
specified DBMS tables/columns, run his own SQL statement, read or
write either text or binary files on the file system, execute
arbitrary commands on the operating system, establish an out-of-band
stateful connection between the attacker box and the database server
via Metasploit payload stager, database stored procedure buffer
overflow exploitation or SMB relay attack and more.
Changes
Risk Level:
Medium
Affected versions:
Oracle Database Server versions 9iR2, 10gR1, 10gR2 and 11gR1
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
Risk Level:
High
Affected versions:
Oracle Database Server versions 8iR3, 9iR1, 9iR2 (9.2.0.6 and previous
patchsets) and 10gR1 (10.1.0.4 and previous patchsets)
Remote exploitable:
Yes (Authentication to Database Server is needed)
Risk Level:
High
Affected versions:
IBM DB2 Database Server v9.1 and 9.5 on Windows platform.
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
Risk Level:
High
Affected versions:
All versions of IBM DB2 Database Server.
Remotely exploitable:
Yes (Authentication to Database Server is needed)
Credits:
Risk Level:
High
Affected versions:
All versions of IBM DB2 Database Server.
Remotely exploitable:
Yes (Authentication to Database Server is needed)
Credits:
Risk Level:
Medium
Affected versions:
Oracle Database Server versions 9iR1, 9iR2 (9.2.0.7 and previous
patchsets) and 10gR1
Remote exploitable:
Yes (Authentication to Database Server is needed)
Risk Level:
Medium
Affected versions:
Oracle Database Server version 10gR1, 10gR2 and 11gR1
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
January 29, 2009
Risk Level:
High
Affected versions:
Oracle Database Server version 9iR2
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
Risk Level:
High
Affected versions:
IBM DB2 Database Server v9.1 and 9.5 on Windows platform.
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
Risk Level:
Medium
Affected versions:
Oracle Database Server versions 9iR1, 9iR2 (9.2.0.7 and previous
patchsets) and 10gR1
Remote exploitable:
Yes (Authentication to Database Server is needed)
Risk Level:
Medium
Affected versions:
Oracle Database Server versions 9iR1, 9iR2 (9.2.0.7 and previous
patchsets) and 10gR1
Remote exploitable:
Yes (Authentication to Database Server is needed)
Risk Level:
High
Affected versions:
All versions of IBM DB2 Database Server on Windows platform.
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
DM Database Server Memory Corruption Vulnerability
Vulnerable: All Version
Vendor: www.dameng.com
Discovered by: Shennan Wang (HuaweiSymantec SRT)
Details:
=========
|
| Risk Level:
| Medium
|
| Affected versions:
| Oracle Database Server versions 9iR1, 9iR2, 10gR1, 10gR2 and 11gR1
|
| Remote exploitable:
| Yes (Authentication to Database Server is needed)
|
| Credits:
Risk Level:
Medium
Affected versions:
Oracle Database Server versions 9iR1, 9iR2, 10gR1, 10gR2 and 11gR1
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
Risk Level:
Medium
Affected versions:
Oracle Database Server versions 10gR1, 10gR2 and 11gR1
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
Risk Level:
Medium
Affected versions:
Oracle Database Server version 9iR1 and 9iR2
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
Risk Level:
Medium
Affected versions:
Oracle Database Server versions 10gR1, 10gR2 and 11gR1
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
We appreciate the responsible disclosure, but I am looking at the
advisories for Oct 2010 from Oracle (see
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html) and
I do not see this "fix" listed anywhere. I see Java VM stuff but only in
the context of being fixed as part of another, parent component like
Database Server.
Am I looking in the wrong place?
>
> For more information on the new release of JRE/JDK
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that the Zope Object Database (ZODB) database server
(ZEO) improperly filtered certain commands when a database is shared among
multiple applications or application instances. A remote attacker could
send malicious commands to the server and execute arbitrary code.
(CVE-2009-0668)
Debian-specific: no
CVE ID : CVE-2012-1151
Debian Bug : 661536
Niko Tyni discovered two format string vulnerabilities in DBD::Pg, a Perl
DBI driver for the PostgreSQL database server, which can be exploited
by a rogue database server.
For the stable distribution (squeeze), this problem has been fixed in
version 2.17.1-2+squeeze1.
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 01, 2008
I. BACKGROUND
Ingres Database is a database server used in several Computer
Associates' products. For example, CA Directory Service uses the Ingres
Database server. More information can be found on the vendor's website
at the following URL.
http://ingres.com/downloads/prod-cert-download.php
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 01, 2008
I. BACKGROUND
Ingres Database is a database server used in several Computer
Associates' products. For example, CA Directory Service uses the Ingres
Database server. More information can be found on the vendor's website
at the following URL.
http://ingres.com/downloads/prod-cert-download.php
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 01, 2008
I. BACKGROUND
Ingres Database is a database server used in several Computer
Associates' products. For example, CA Directory Service uses the Ingres
Database server. More information can be found on the vendor's website
at the following URL.
http://ingres.com/downloads/prod-cert-download.php
> advisories for Oct 2010 from Oracle (see
> http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
> ) and
> I do not see this "fix" listed anywhere. I see Java VM stuff but only in
> the context of being fixed as part of another, parent component like
> Database Server.
>
> Am I looking in the wrong place?
> [...].
>
> Yes. Have a look here:
Published: June 19, 2009
Updated: June 19, 2009
INTRODUCTION
There exists a vulnerability within a function of the ToolTalk database server
(rpc.ttdbserverd), which when properly exploited can lead to remote compromise
of the vulnerable system.
This vulnerability was confirmed by us in the following versions of operating
systems; other operating systems and versions may also be affected.
CVE Name: N/A
*Vulnerability Description*
The Borland Interbase 2007 database server [1] is vulnerable to an
integer overflow when a malformed packet is sent to the default TCP port
3050. The integer overflow can cause a stack overflow, which allows
arbitrary code execution with system privileges.
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of IBM Informix Database Server. SQL query
execution privileges are required to exploit this vulnerability.
The specific flaw exists within the oninit process bound to TCP port
9088 when processing the arguments to the USELASTCOMMITTED option in a
SQL query. User-supplied data is copied into a stack-based buffer