15553 : Oracle Database Server Change Data Capture Component DBMS_CDC_SUBSCRIBE SUBSCRIPTION_NAME Parameter SQL Injection
Printer | http://osvdb.org/15553 | Email This | Edit Vulnerability

Views This Week Views All Time Added to OSVDB Last Modified Modified (since 2008) Percent Complete
2 1279 about 9 years ago over 2 years ago 2 times 90%

Timeline

Disclosure Date
2005-04-18

Description

Oracle Database Server contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'SUBSCRIPTION_NAME' parameter in the 'DBMS_CDC_SUBSCRIBE' package not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public
Disclosure: Vendor Verified

Solution

Oracle has released a patch which attempted to patch this vulnerability. Subsequent testing has revealed that the actual source of the problem lies
within the underlying java class files. The April patch fails to properly load
the newer patched classes which means that these problems can still be
exploited on some versions. Oracle 10g systems with patchset 2 and the April patch have been tested and appear to mitigate the issue.

Products

Oracle Corporation
Database 10g
R1 10.1.0.2
R1 10.1.0.3
R1 10.1.0.3.1
R1 10.1.0.4
Database 9i
R2 9.2.0.5
R2 9.2.0.6

References

Tools & Filters

18034
2822 2840

Credit

  • Esteban Martinez Fayo - infoappsecinc.com - Application Security, Inc.

CVSSv2 Score

CVSSv2 Base Score = 7.5
Source: nvd.nist.gov | Generated: 2007-03-08 | Disagree?

Access_vector_2 Access_complexity_2 Authentication_2 Confidentiality_impact_1 Integrity_impact_1 Availability_impact_1

Comments

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2002 - 2014 Open Sourced Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use