Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=690
Vulnerable Systems:
* Oracle Application Express version 3.0.1.00.08, which is installed by default with Oracle Database 11g R1 (version 11.1.0.6.0)

The vulnerability exists in the "run_ddl" function of the "wwv_execute_immediate" package, which is installed in the "flows_030000" schema. Any user able to call this function can execute SQL statements as any other database user, including SYS.
Analysis:
Exploitation allows the attacker to execute SQL commands as any database user. To exploit this vulnerability, an attacker needs access to an account that is allowed to execute "flows_030000.wwv_execute_immediate.run_ddl". On a default installation of Oracle Database 11g, the following non-DBA users can execute this function: WMSYS, WKSYS, FLOWS_030000 and OUTLN.
Combined with another SQL injection vulnerability that yields execution in the context of one of these accounts, an attacker with an ordinary database account can take control of the whole database and possibly of the underlying host.
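The following queries are an added exposure check written for this advisory; they are not part of the original iDefense text. Run as a DBA account on the database in question. They confirm whether the affected Application Express release is registered, whether the vulnerable package is present, which users and roles hold EXECUTE on it (directly or through one level of role grants), and whether the four accounts named above are open. The assumption that APEX registers in DBA_REGISTRY under COMP_ID 'APEX' is the author's, not something stated in the advisory.

```sql
-- Added audit queries (not from the advisory). Run as SYS or another DBA.

-- 1. Is the affected APEX release installed?
--    Assumption: APEX registers in DBA_REGISTRY with COMP_ID = 'APEX'.
--    Version 3.0.1.00.08 with schema FLOWS_030000 is the affected release.
SELECT comp_id, version, schema, status
  FROM dba_registry
 WHERE comp_id = 'APEX';

-- 2. Does the vulnerable package still exist (i.e. APEX was not removed)?
SELECT owner, object_name, object_type, status
  FROM dba_objects
 WHERE owner = 'FLOWS_030000'
   AND object_name = 'WWV_EXECUTE_IMMEDIATE';

-- 3. Direct EXECUTE grants on the package (users, roles, or PUBLIC).
--    The advisory lists WMSYS, WKSYS, FLOWS_030000 and OUTLN as non-DBA
--    grantees on a default 11g R1 install; anything else is local drift.
SELECT grantee, privilege, grantable
  FROM dba_tab_privs
 WHERE owner = 'FLOWS_030000'
   AND table_name = 'WWV_EXECUTE_IMMEDIATE'
   AND privilege = 'EXECUTE'
 ORDER BY grantee;

-- 4. EXECUTE reachable through a role (one level of nesting).
SELECT rp.grantee AS user_or_role,
       tp.grantee AS via_role
  FROM dba_tab_privs  tp
  JOIN dba_role_privs rp ON rp.granted_role = tp.grantee
 WHERE tp.owner = 'FLOWS_030000'
   AND tp.table_name = 'WWV_EXECUTE_IMMEDIATE'
   AND tp.privilege = 'EXECUTE'
 ORDER BY rp.grantee;

-- 5. Status of the accounts that can call run_ddl by default.
--    A LOCKED account still matters: SQL injection in a definer's-rights
--    package owned by one of these users runs as that user without a login,
--    which is the chaining scenario the advisory describes.
SELECT username, account_status, lock_date, expiry_date
  FROM dba_users
 WHERE username IN ('WMSYS', 'WKSYS', 'FLOWS_030000', 'OUTLN')
 ORDER BY username;
```

If query 1 returns the affected version and query 2 returns the package, the database is exposed unless the April 2008 Critical Patch Update has been applied; queries 3 and 4 show exactly which principals an attacker would need to reach, and query 5 whether any of them are usable for a direct login.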
Workaround:
If Oracle Application Express is not in use, exploitation can be prevented by uninstalling it.
Vendor response:
Oracle has addressed this issue within the April 2008 Critical Patch Update. For more information, visit the following URL.
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html
CVE Information:
CVE-2008-1811
Disclosure timeline:
01/18/2008 - Initial vendor notification
01/22/2008 - Initial vendor response
04/15/2008 - Coordinated public disclosure