[NEWS] Oracle CTX_DOC Package Multiple SQL Injection Flaws



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Oracle CTX_DOC Package Multiple SQL Injection Flaws
------------------------------------------------------------------------


SUMMARY

The Intermedia application in Oracle 10g release 1 and 2 is vulnerable to
SQL injection.

DETAILS

Vulnerable Systems:
* Oracle 10g release 1
* Oracle 10g release 2

The Intermedia application, owned by CTXSYS, contains a package called
CTX_DOC. This package contains multiple SQL injection flaws. The following
procedures on this package provide vectors for SQL injection attacks:
THEMES
GIST
TOKENS
FILTER
HIGHLIGHT
MARKUP

These can be exploited by a database user; further they can be exploited
via Oracle Application Server by an attacker without a user ID and
password across the Internet.

Vendor Status:
Oracle was alerted to these flaws on the 6th of June 2005. A patch has now
been made available:

<http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html> http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html


ADDITIONAL INFORMATION

The information has been provided by <mailto:davidl@xxxxxxxxxxxxxxx>
David Litchfield.
The original article can be found at:

<http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-ctx-doc/> http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-ctx-doc/



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.



Relevant Pages

  • [NEWS] Multiple Vulnerabilities in Oracle Database (Character Conversion, Extproc, Password Disclosu
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Multiple vulnerabilities were discovered in the (Oracle database server ... password is required to exploit this vulnerability. ...
    (Securiteam)
  • [EXPL] Oracle Command Line Overflow (Exploit)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A locally exploitable buffer overflow has been found in the 'oracle' ... restricted sections of the database, ... 'print "A"x9850'` Segmentation fault ...
    (Securiteam)
  • [NEWS] Oracle Forms SQL Injection
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... part of the Oracle Developer Suite 10g". ... All Oracle Forms applications are by default vulnerable to SQL Injection. ... The following statement sends the result of the SQL statement: ...
    (Securiteam)
  • [NEWS] Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL ... package contains the procedures CREATE_CAPTURE, ALTER_CAPTURE, ... SYS.DBMS_CAPTURE_ADM_INTERNAL can exploit this vulnerability. ...
    (Securiteam)
  • [UNIX] Oracle Database Buffer Overflow Vulnerabilities in Procedure DBMS_DRS.GET_PROPERTY (DB03)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Oracle Database Buffer Overflow Vulnerabilities in Procedure ... Oracle Database Server provides the DBMS_DRS package that includes ... SYS.DBMS_DRS can exploit this vulnerability. ...
    (Securiteam)