22.11.2006
Виявленні численні помилки і уразливості в Oracle.
Уразливі версії: Oracle 9i, Oracle E-Business Suite 11.0, Oracle 10g, JDeveloper 9.0, SunMC 3.5, Oracle E-Business Suite 11i, APEX/HTMLDB 2.2.
SQL ін’єкції, DoS, модифікація файлів, міжсайтовий скріптінг, підвищення привілеїв, зміна параметрів аудита. Передача пароля у відкритому виді з JDeveloper у SQLPlus. Пароль JDeveloper зберігається у відкритому тексті в різних конфігураційних файлах формату XML. Пароль FormBuilder зберігається у відкритому тексті в тимчасових файлах. Слабкі дозволи на тимчасові файли. Перезапис і читання будь-якого файлу в Oracle Reports. Виконання будь-якої команди через Oracle Forms і Oracle Reports. А також величезна кількість інших помилок, багато з який давно відомі і дотепер не виправлені, що дозволяє говорити про нульовий рівень безпеки всіх продуктів. Для забезпечення безпеки продуктів Oracle використовуйте розробки сторонніх виробників.
- Multiple Oracle application server vulnerabilities (деталі)
26.11.2006
Додаткова інформація.
Було знайдено 79 уразливостей в продуктах Oracle:
- Modify Data via Inline Views
- Various Cross-Site-Scripting Vulnerabilities in Oracle Reports
- Cross-Site-Scripting Vulnerabilitiy in Oracle APEX NOTIFICATION_MSG
- Cross-Site-Scripting Vulnerability in Oracle APEX WWV_FLOW_ITEM_HELP
- SQL Injection in Oracle package MDSYS.SDO_LRS
- SQL Injection in package SYS.DBMS_CDC_IMPDP
- SQL Injection in package XDB.DBMS_XDBZ0
- SQL Injection in package SYS.DBMS_SQLTUNE_INTERNAL
- Oracle 10g R2 and, probably, all previous versions
- Bypassing Oracle dbms_assert
- Oracle Database - SQL Injection in SYS.DBMS_UPGRADE [DB22]
- Oracle Database - SQL Injection in SYS.DBMS_STATS [DB21]
- Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01]
- Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01]
- US-CERT Technical Cyber Security Alert TA06-200A — Oracle Products Contain Multiple Vulnerabilities
- Oracle Database - SQL Injection in SYS.KUPW$WORKER [DB03]
- Recent Oracle exploit is _actually_ an 0day with no patch
- Oracle Database 10gR1 Buffer overflow in VERIFY_LOG procedure
- Oracle Products Contain Multiple Vulnerabilities
- SQL Injection in package SYS.DBMS_LOGMNR_SESSION
- Multiple critical and high risk issues in Oracle’s database server
- Oracle read-only user can insert/update/delete data via specially crafted views
- More on the workaround for the unpatched Oracle PLSQL Gateway flaw
- The History of the Oracle PLSQL Gateway Flaw
- Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}
- Workaround for unpatched Oracle PLSQL Gateway flaw
- Oracle Products Contain Multiple Vulnerabilities
- Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT
- Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT
- Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext
- Oracle DBMS - Access Control Bypass in Login
- Oracle Reports - Read parts of files via desname (fixed after 874 days)
- Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)
- Oracle Reports - Read parts of files via customize(fixed after 875 days)
- Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA
- Oracle DBMS_ASSERT and the October 2005 CPU
- Oracle October 2005 CPU Problems
- Oracle Application Server HTTP Response Splitting Vulnerability
- Exploit Oracle DB27 - CPU Octobre
- Oracle 10g - emagent.exe Stack-Based Overflow
- Oracle Workflow CSS Vulnerability wf_route
- Oracle Workflow CSS Vulnerability wf_monitor
- Oracle Workflow CSS Vulnerability wf_monitor
- Oracle Products Contain Multiple Vulnerabilities
- Complete failure of Oracle security response and utter neglect of their responsibility to their customers
- Cross-Site-Scripting Vulnerability in Oracle XMLDB
- Shutdown TNS Listener via Oracle iSQL*Plus
- Shutdown TNS Listener via Oracle Forms Servlet
- Plaintext Password Vulnerabilitiy during Installation of Oracle HTMLDB
- Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB
- Cross-Site-Scripting Vulnerability in Oracle iSQL*Plus
- Oracle 9R2 Unpatched vulnerability on CWM2_OLAP_AW_AWUTIL package
- Oracle 9R2 Unpatched vulnerability on CWM2_OLAP_AW_AWUTIL package
- Sun Management Center Oracle Listener Vulnerabilities
- Various Cross-Site-Scripting Vulnerabilities in Oracle Reports
- Read parts of any XML-file via customize parameter in Oracle Reports
- Read parts of any file via desformat in Oracle Reports
- Run any OS Command via unauthorized Oracle Reports
- Run any OS Command via unauthorized Oracle Forms
- Overwrite any file via desname in Oracle Reports
- Silently fixed security bugs in Oracle Critical Patch Update July 2005
- Oracle Products Contain Multiple Vulnerabilities
- Oracle Forms Insecure Temporary File Handling
- Oracle Forms Builder Password in Temp Files
- Oracle JDeveloper Plaintext Passwords
- Name Oracle JDeveloper passes Plaintext Password
- Problems with the Oracle Critical Patch Update for April 2005
- Oracle 10g Exploit dbms_scheduler SESSION_USER issue
- Oracle Fine Grained Auditing Issue in Oracle 9i / 10g
- Webcache Client Requests bypasses OHS mod_access restrictions
- Append file in Oracle Webcache 9i
- Cross Site Scripting in Oracle Webcache 9i
- Oracle Products Contain Multiple Vulnerabilities
- Multiple Exploit Codes for Oracle (interMedia, DBMS_CDC_SUBSCRIBE, DBMS_CDC_ISUBSCRIBE and DBMS_METADATA)
- SQL Injection in ALTER_MANUALLOG_CHANGE_SOURCE procedure
- Multiple SQL Injection vulnerabilities in DBMS_METADATA package
- Denial of Service in Oracle interMedia
- SQL Injection in CREATE_SCN_CHANGE_SET procedure
- Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages
А також експлоіти для Oracle:
- Oracle 9i HTTP XDB service stack overflow exploit (деталі)
- exploit for Oracle 10g 10.2.0.2.0 (деталі)
* 