-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yessir.
On Wed, 17 Oct 2007 10:27:49 -0400 David Litchfield <[EMAIL PROTECTED]> wrote: >(resend with title...) > >NGSSoftware Insight Security Research Advisory > >Name: SQL Injection Flaw in Oracle Workspace Manager >Systems Affected: Oracle 10g release 1 and 2, Oracle 9i >Severity: High >Vendor URL: http://www.oracle.com/ >Author: David Litchfield [ [EMAIL PROTECTED] ] >Reported: 22nd August 2006 >Date of Public Advisory: 17th October 2007 >Advisory number: #NISR17102007B > > >Description >*********** >The Workspace Manager in Oracle 10g release 1 and 2 and Oracle 9i >is >vulnerable to SQL injection. > >Details >******* > >The Workspace Manager, owned by SYS, contains a package called LT. >This >package is owned and defined by the SYS user and can be executed >by PUBLIC. >LT contains a procedure called FINDRICSET which calls the >FINDRICSET package >in the LTRIC package. This is vulnerable to SQL injection and can >be abused >by an attacker to gain SYS privileges. > > >Fix Information >*************** >Oracle was alerted to this flaw on the 22nd of August 2006. A >patch has now >been made available: > >http://www.oracle.com/technology/deploy/security/critical-patch- >updates/cpuo >ct2007.html > >NGSSQuirreL for Oracle, an advanced vulnerability assessment >scanner >designed specifically for Oracle, can be used to accurately >determine >whether your servers are vulnerable to this flaw. More information >about >NGSSQuirreL for Oracle can be found here: > >http://www.ngssoftware.com/products/database-security/ngs-squirrel- >oracle.ph >p > > >About NGSSoftware >***************** >NGSSoftware develops vulnerability assessment and compliancy tools >for >database servers including Oracle, Microsoft SQL Server, DB2, >Sybase and >Informix. Headquartered in the United Kingdom NGS has offices in >London, St. >Andrews (UK), Brisbane, and Perth (Australia) and Seattle in the >United >States; NGSConsulting provide services to some of the largest and >most >demanding organizations around the globe. >http://www.ngssoftware.com/ >Telephone +44 208 401 0070 >Fax +44 208 401 0076 >[EMAIL PROTECTED] > >-- >E-MAIL DISCLAIMER > >The information contained in this email and any subsequent >correspondence is private, is solely for the intended recipient(s) >and >may contain confidential or privileged information. For those >other than >the intended recipient(s), any disclosure, copying, distribution, >or any >other action taken, or omitted to be taken, in reliance on such >information is prohibited and may be unlawful. If you are not the >intended recipient and have received this message in error, please >inform the sender and delete this mail and any attachments. > >The views expressed in this email do not necessarily reflect NGS >policy. >NGS accepts no liability or responsibility for any onward >transmission >or use of emails and attachments having left the NGS domain. > >NGS and NGSSoftware are trading names of Next Generation Security >Software Ltd. Registered office address: 52 Throwley Way, Sutton, >SM1 >4BF with Company Number 04225835 and VAT Number 783096402 > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 2.5 wpwEAQECAAYFAkcWTCAACgkQqTTbVuUWvbKxOgP9ExWHtaYpV3AddcIg4GjBW+ebDa+A PQaXD1NWux8rCNhxFfSi29wH3Uy9EyTuhsst+OYT9az+Jge2wDkHLQ+DMuLz8f4ghvkq cBw1M8ugNwm0t3Lz2o9sbZbabpRvC2c8KCN7clEqzStAWqRh0O9GgLd8mnUHxNspDN1s 0Tn8ZJg= =rhgC -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
