From: Shatter <shatter@appsecinc.com>
To: Bugtraq <bugtraq@securityfocus.com>
Date: Mon, 3 Aug 2009 19:31:16 -0400
Subject: Team SHATTER Security Advisory: Multiple SQL Injection vulnerabilities in Oracle Enterprise Manager
Message-ID: <BB184445F393D244AEB0312F069BAAB10808F40D7D@mxe1.nycapt35k.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Team SHATTER Security Advisory

Multiple SQL Injection vulnerabilities in Oracle Enterprise Manager

July 22, 2009

Risk Level: High

Affected versions: Oracle Enterprise Manager Database Control 11 (11.1.0.6, 11.1.0.7) and Oracle Enterprise Manager 10g Grid Control 10.2.0.4 (and previous patchsets)

Remote exploitable: Yes (Authentication is needed)

Credits:
This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc.

Details:
SQL Injection works by attempting to modify the parameters passed to an application to change the SQL statements that are passed to a database. SQL injection can be used to insert additional SQL statements to be executed.

The 'Type', 'snapshot' and 'table' parameters used in web page /em/console/ecm/history/configHistory and 'fConfigGuid' parameter used in /em/console/ecm/config/compare/compareWizSecondConfig are vulnerable to SQL Injection attacks. These web pages are part of Oracle Enterprise Manager web application. It may be possible for a malicious user to execute a function with the elevated privileges of the SYSMAN database user in the repository database. This user has the DBA role granted.
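The root cause described above (request parameters concatenated into SQL so they change the statement) is illustrated by the following added example. It is not code from the advisory or from Oracle Enterprise Manager; the table, column names, row data and the two lookup functions are constructed stand-ins for a configuration-history query that takes a 'snapshot' parameter from the web tier. The in-memory SQLite database is used only so the example runs offline; the bind-variable fix applies the same way to an Oracle repository.

```python
import sqlite3


def build_repository():
    """Constructed stand-in for a repository table of configuration snapshots.

    The 'owner' column is the access boundary the lookup must respect."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE config_history ("
        "snapshot_id INTEGER, target TEXT, owner TEXT, detail TEXT)"
    )
    conn.executemany(
        "INSERT INTO config_history VALUES (?, ?, ?, ?)",
        [
            (1, "db01", "alice", "init.ora: processes=150"),
            (2, "db02", "bob", "init.ora: processes=300"),
            (3, "db03", "carol", "init.ora: sga_target=2G"),
        ],
    )
    return conn


def history_vulnerable(conn, snapshot, owner):
    """Hypothetical vulnerable pattern: the request parameter is pasted
    straight into the statement text, so it can rewrite the WHERE clause."""
    sql = (
        "SELECT snapshot_id, target, detail FROM config_history "
        "WHERE owner = '" + owner + "' AND snapshot_id = " + snapshot
    )
    return conn.execute(sql).fetchall()


def history_hardened(conn, snapshot, owner):
    """Fixed pattern: enforce the parameter's type, then pass values as bind
    parameters. The database parses a fixed statement; the parameter can
    only ever be data, never SQL."""
    try:
        snapshot_id = int(snapshot)
    except ValueError:
        # Anything that is not an integer id is rejected before any SQL runs.
        raise ValueError("snapshot must be an integer id")
    sql = (
        "SELECT snapshot_id, target, detail FROM config_history "
        "WHERE owner = ? AND snapshot_id = ?"
    )
    return conn.execute(sql, (owner, snapshot_id)).fetchall()


def rejects_tampered_id(conn, snapshot, owner):
    """True when the hardened lookup refuses the parameter outright."""
    try:
        history_hardened(conn, snapshot, owner)
    except ValueError:
        return True
    return False


def demonstrate():
    """Compare what each lookup returns for an honest and a tampered parameter."""
    conn = build_repository()
    honest = history_vulnerable(conn, "1", "alice")
    # A tampered value turns the clause into
    #   ... WHERE owner = 'alice' AND snapshot_id = 1 OR 1=1
    # and the OR makes the owner check irrelevant: every row comes back.
    tampered = history_vulnerable(conn, "1 OR 1=1", "alice")
    return {
        "vulnerable_honest_rows": len(honest),
        "vulnerable_tampered_rows": len(tampered),
        "hardened_honest_rows": len(history_hardened(conn, "1", "alice")),
        "hardened_rejects_tampered": rejects_tampered_id(conn, "1 OR 1=1", "alice"),
    }


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(f"{key}: {value}")
```

The point of the comparison is that the hardened lookup does not try to filter dangerous characters; it changes the contract so that the statement text is fixed and the parameter is carried separately. That is the same contract Oracle bind variables give, and it is the property a review of the affected pages' parameter handling should look for.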
Impact:
This vulnerability allows an Oracle Enterprise Manager user with VIEW (or more) privileges to execute a function call with the elevated privileges of the SYSMAN database user.

Vendor Status:
Vendor was contacted and a patch was released.

Workaround:
There is no workaround for this issue.

Fix:
Apply Oracle Critical Patch Update July 2009 available at Oracle Metalink.

CVE: CVE-2009-1966, CVE-2009-1967

Links:
Application Security, Inc advisory: http://www.appsecinc.com/resources/alerts/oracle/2009-04.shtml
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html

Timeline:
Vendor Notification - 7/11/2008
Vendor Response - 7/14/2008
Fix - 7/14/2009
Public Disclosure - 7/22/2009

Application Security, Inc's database security solutions have helped over 1,600 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0

iD8DBQFKd3Mm9EOAcmTuFN0RAsvtAKCy63s4g+vP3NMNgY/cH3Yk7IJXhwCdFxkI
x3i+U89DFXpEf/UHUalXsnc=
=D60y
-----END PGP SIGNATURE-----