|
|
|
|
| |
Credit:
The information has been provided by Esteban Mart nez Fay .
The original article can be found at: http://www.appsecinc.com/resources/alerts/oracle/2009-04.shtml
|
| |
Vulnerable Systems:
* Oracle Enterprise Manager Database Control versions 11.1.0.6 and 11.1.0.7
* Oracle Enterprise Manager 10g Grid Control version 10.2.0.4 and prior
SQL Injection works by attempting to modify the parameters passed to an application to change the SQL statements that are passed to a database. SQL injection can be used to insert additional SQL statements to be executed. The 'Type', 'snapshot' and 'table' parameters used in web page /em/console/ecm/history/configHistory and 'fConfigGuid' parameter used in /em/console/ecm/config/compare/compareWizSecondConfig are vulnerable to SQL Injection attacks. These web pages are part of Oracle Enterprise Manager web application. It may be possible for a malicious user to execute a function with the elevated privileges of the SYSMAN database user in the repository database. This user has the DBA role granted.
Patch Availability:
Apply Oracle Critical Patch Update July 2009
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html
CVE Information:
CVE-2009-1966
CVE-2009-1967
Disclosure Timeline:
7/11/2008 Vendor Notification
7/14/2008 Vendor Response
7/14/2009 Fix
7/22/2009 Public Disclosure
|
|
|
|
|
