Toronto Forum - Torontovka.com
Forums » Archive » Oracle Portal (PL/SQL) Component Vulnerability  
Joined: 3/20/2003
Posts: 2505
Posted on Thursday, November 10, 2005 1:38:58 PM
 
Date: November 10, 2005

Vulnerability Title: Oracle Portal Component of Oracle Application and Web Servers

Severity Level: 3
Description:
· Oracle Portal (PL/SQL) Component Vulnerability
It has been discovered that an attacker can easily gain full control of a fully patched Oracle database server via Oracle Portal, a component of Oracle Application Server and the Oracle HTTP Server. The attack is trivial and can be launched from the Internet by an attacker with no valid user ID and password. A successful attack will give the attacker full control over the database server.
Affected Software:
· Oracle Portal (PL/SQL)
· Oracle Application Server
· Oracle Web Server
· Oracle Database Server

Impact of Vulnerability: Remote Full Access

Risk Definition

Number and types of systems affected: Low
Impact and damage: High

Solution:

Unfortunately there is no patch available for these problems yet. Certain things can be done to limit exposure, however. Though some of the problems lie in Oracle Portal on the web server, the risk can be mitigated at the backend. Firstly, an unpatched database server provides more vectors for a successful attack than a patched one, so ensuring that the database server is fully patched is a good start. Oracle has recently released a patchset available from here:

https://metalink.oracle.com/metalink/plsql/ml2_documents.showNOT?p_id=333953.1

For fully patched servers, a number of bugs are known in the database server that could be used as an attack vector to gain full control. On fully patched systems these vectors can be removed by revoking public access from the following vulnerable components:

SYS.DBMS_CDC_SUBSCRIBE
SYS.DBMS_CDC_ISUBSCRIBE
SYS.DBMS_CDC_IPUBLISH
SYS.DBMS_EXPORT_EXTENSION
SYS.KUPM$MCP
SYS.KUPW$WORKER
MDSYS.SDO_CATALOG
MDSYS.SDO_SAM
WKSYS.WK_SNAPSHOT

When a patch does become available customers are advised to install the patch as soon as possible.

This solution helps to prevent an attacker gaining DBA privileges. An attacker will still be able to interact with the backend database server and gain at least read access [SELECT] to data and possibly write [UPDATE / INSERT / DELETE] access. As to whether a system is taken offline as a security measure whilst Oracle prepares a patch is a decision that NGSSoftware cannot advise on in the general case.

Expected Action:

Fully patch backend database servers and remove public access to the vulnerable components as soon as possible.

Reference Links:

http://www.ngssoftware.com/
(NGSSoftware is the company that discovered and reported this issue)
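
The mitigation in the post above (revoking public access from the listed components) can be checked and applied with a script like the following. This is an added example, not part of the original post or the NGSSoftware advisory; it assumes a SQL*Plus session connected as SYS, and the `apply_changes` switch is a hypothetical name introduced here.

```sql
-- Added example: report, and optionally revoke, PUBLIC EXECUTE on the
-- components named in the advisory. Run as SYS in SQL*Plus.
SET SERVEROUTPUT ON
DECLARE
  TYPE name_list IS TABLE OF VARCHAR2(61);
  -- Component list copied from the advisory text.
  pkgs name_list := name_list(
    'SYS.DBMS_CDC_SUBSCRIBE', 'SYS.DBMS_CDC_ISUBSCRIBE', 'SYS.DBMS_CDC_IPUBLISH',
    'SYS.DBMS_EXPORT_EXTENSION', 'SYS.KUPM$MCP', 'SYS.KUPW$WORKER',
    'MDSYS.SDO_CATALOG', 'MDSYS.SDO_SAM', 'WKSYS.WK_SNAPSHOT');
  apply_changes BOOLEAN := FALSE;  -- hypothetical switch: FALSE = report only
  v_owner VARCHAR2(30);
  v_name  VARCHAR2(30);
  v_cnt   PLS_INTEGER;
BEGIN
  FOR i IN 1 .. pkgs.COUNT LOOP
    -- Split OWNER.OBJECT at the dot.
    v_owner := SUBSTR(pkgs(i), 1, INSTR(pkgs(i), '.') - 1);
    v_name  := SUBSTR(pkgs(i), INSTR(pkgs(i), '.') + 1);

    -- Is there a direct EXECUTE grant to PUBLIC on this object?
    -- A component that is not installed simply returns 0 here.
    SELECT COUNT(*) INTO v_cnt
      FROM dba_tab_privs
     WHERE grantee    = 'PUBLIC'
       AND privilege  = 'EXECUTE'
       AND owner      = v_owner
       AND table_name = v_name;

    IF v_cnt = 0 THEN
      DBMS_OUTPUT.PUT_LINE('ok       ' || pkgs(i) || ' (no PUBLIC EXECUTE grant)');
    ELSIF apply_changes THEN
      -- Names come from the fixed list above, not from user input.
      EXECUTE IMMEDIATE 'REVOKE EXECUTE ON "' || v_owner || '"."' || v_name
                        || '" FROM PUBLIC';
      DBMS_OUTPUT.PUT_LINE('revoked  ' || pkgs(i));
    ELSE
      DBMS_OUTPUT.PUT_LINE('EXPOSED  ' || pkgs(i) || ' (PUBLIC can execute)');
    END IF;
  END LOOP;
END;
/
```

Revoking a PUBLIC grant can invalidate objects in other schemas that relied on it, so check `DBA_OBJECTS` for `STATUS = 'INVALID'` after applying the change.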
Joined: 7/18/2003
Posts: 1417
Posted on Thursday, November 10, 2005 5:01:00 PM
 
SQL Injection

Nonsense, this has as much to do with Oracle as it does with DB2, Microsoft, etc.

For example, take Torontovka, where you have to enter a user name and password. If the program is badly written (string concatenations, etc.), then you can "insert" to the fullest.