[Full-disclosure] 0day Oracle 10g exploit - dbms_aq.enqueue - become DBA

From: "Andrea \"bunker\" Purificato" <bunker@xxxxxxxxxxxxx>
Date: Mon, 02 Apr 2007 12:33:12 +0200

[0-day] Remote Oracle DBMS_AQ.ENQUEUE exploit (10g)

Grant or revoke dba permission to unprivileged user
Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0"

AUTHOR: Andrea "bunker" Purificato
http://rawlab.mindcreations.com

DATE: Mon Apr 2 11:54:22 CEST 2007

PATCH: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
(CVE-2007-0268 ?)

You can find the evil code here:
http://rawlab.mindcreations.com/codes/exp/oracle/dbms_aq-enqueue.pl

Regards,
--
Andrea "bunker" Purificato
+++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++
++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++.

http://rawlab.mindcreations.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] [RECTIFY] Oracle 10g exploit - dbms_aq.enqueue - become DBA
  - From: Andrea \"bunker\" Purificato
- Re: [Full-disclosure] 0day Oracle 10g exploit - dbms_aq.enqueue - become DBA
  - From: Gadi Evron

Prev by Date: Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow
Next by Date: Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow
Previous by thread: [Full-disclosure] Metasploit vs ANI
Next by thread: Re: [Full-disclosure] 0day Oracle 10g exploit - dbms_aq.enqueue - become DBA
Index(es):
- Date
- Thread

Relevant Pages

0day Oracle 10g exploit - dbms_aq.enqueue - become DBA
... Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0" ... PATCH: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html ... You can find the evil code here: ...
(Bugtraq)
Re: MS02-018 Breaking ASP ODBC
... Just lucky I guess. ... > load some VB components that fail to connect to my Oracle database. ... Uninstalling the patch did not help. ... but this just killed one our production servers. ...
(microsoft.public.inetserver.iis.security)
Re: MS02-018 Breaking ASP ODBC
... Applied Q320206 and it broke ASP. ... Probably some simple explanation, but I had to uninstall (which did work, by ... > load some VB components that fail to connect to my Oracle database. ... Uninstalling the patch did not help. ...
(microsoft.public.inetserver.iis.security)
Re: A potential bug (infinite loop) in Oracle: querying v$access
... On Jan 23, 1:35 pm, Frank van Bortel ... Disconnected from Oracle Database 10g Enterprise Edition Release ... both Linux and AIX. ...
(comp.databases.oracle.server)
Re: public DST patches for 10g?
... Oracle Database 10g Release 2 for Solaris Operating ... are there public patches available? ... hours to find the patch itself was very simple, ... our time zone was still not in it. ...
(comp.databases.oracle.server)