High Risk Vulnerability in Oracle Workspace Manager

October 17th, 2007

NGSSoftware Insight Security Research Advisory

Name: SQL Injection Flaw in Oracle Workspace Manager
Systems Affected: Oracle 10g release 1 and 2, Oracle 9i
Severity: High
Vendor URL: http://www.oracle.com/
Author: David Litchfield [ davidl@ngssoftware.com ]
Reported: 22nd August 2006
Date of Public Advisory: 17th October 2007
Advisory number: #NISR17102007B

Description
***********
The Workspace Manager in Oracle 10g release 1 and 2 and Oracle 9i is
vulnerable to SQL injection.

Details
*******

The Workspace Manager contains a package called LT. This package is owned
and defined by the SYS user, and EXECUTE on it is granted to PUBLIC, so any
database account can call it. LT contains a procedure called FINDRICSET
which in turn calls FINDRICSET in the LTRIC package. This code is vulnerable
to SQL injection and can be abused by an attacker to gain SYS privileges.

Fix Information
***************
Oracle was alerted to this flaw on the 22nd of August 2006. A patch has now
been made available:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html
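The following queries are an added defender-side example and are not part of the NGSSoftware advisory. They check the two conditions the advisory describes (a SYS-owned LT package that PUBLIC can execute) and whether a Critical Patch Update has been recorded, then enable object auditing so calls to the package show up in the audit trail until the patch is in place. The view and column names are the standard Oracle data-dictionary ones; it is an assumption that DBA_REGISTRY_HISTORY is populated on your release (it is on 10g with CPUs applied; 9i sites may need to consult the OPatch inventory instead). Run as a DBA account.

```sql
-- Added example (not from the advisory): checks for the SYS.LT exposure.
-- Requires SELECT on the DBA_* views and, for step 4, the AUDIT privilege
-- with AUDIT_TRAIL enabled.

-- 1. Confirm the LT and LTRIC packages exist and are owned by SYS.
SELECT owner, object_name, object_type, status
  FROM dba_objects
 WHERE owner = 'SYS'
   AND object_name IN ('LT', 'LTRIC')
   AND object_type IN ('PACKAGE', 'PACKAGE BODY');

-- 2. Is EXECUTE on SYS.LT granted to PUBLIC? A row with grantee PUBLIC
--    means every database account can reach the vulnerable procedure.
SELECT grantee, owner, table_name, privilege
  FROM dba_tab_privs
 WHERE owner = 'SYS'
   AND table_name = 'LT'
   AND privilege = 'EXECUTE';

-- 3. Has a Critical Patch Update been applied? Look for a CPU entry whose
--    date is on or after the October 2007 release noted above.
--    (Assumption: this view is populated on your release.)
SELECT action_time, action, namespace, version, id, comments
  FROM dba_registry_history
 ORDER BY action_time DESC;

-- 4. Until the patch is applied, audit every call to the package so that
--    abuse is visible. Revoking EXECUTE from PUBLIC is possible but breaks
--    legitimate Workspace Manager users, so the vendor patch is preferred.
AUDIT EXECUTE ON sys.lt BY ACCESS;

-- 5. Review who has been calling SYS.LT since auditing was enabled.
SELECT username, os_username, userhost, timestamp, action_name, obj_name
  FROM dba_audit_trail
 WHERE owner = 'SYS'
   AND obj_name = 'LT'
 ORDER BY timestamp DESC;
```

Step 2 returning a PUBLIC row does not by itself prove the database is unpatched; combine it with step 3, since the fix changes the package body rather than the grant.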

NGSSQuirreL for Oracle, an advanced vulnerability assessment scanner
designed specifically for Oracle, can be used to accurately determine
whether your servers are vulnerable to this flaw. More information about
NGSSQuirreL for Oracle can be found here:

http://www.ngssoftware.com/products/database-security/ngs-squirrel-oracle.php

About NGSSoftware
*****************
NGSSoftware develops vulnerability assessment and compliancy tools for
database servers including Oracle, Microsoft SQL Server, DB2, Sybase and
Informix. Headquartered in the United Kingdom NGS has offices in London, St.
Andrews (UK), Brisbane, and Perth (Australia) and Seattle in the United
States; NGSConsulting provide services to some of the largest and most
demanding organizations around the globe.
http://www.ngssoftware.com/
Telephone +44 208 401 0070
Fax +44 208 401 0076
enquiries@ngssoftware.com
