Internet threat level: 1
Home→Descriptions→SA38353
Oracle Database Two Security Issues
| Secunia ID | |
| CVE-ID | |
| Release Date |
08 Feb 2010 |
| Last Change |
14 Apr 2010 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
Oracle Database 10.x |
| Where | |
| Impact |
System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. Privilege escalationThis covers vulnerabilities where a user is able to conduct certain tasks with the privileges of other users or administrative users. This typically includes cases where a local user on a client or server system can gain access to the administrator or root account thus taking full control of the system. |
| Description |
David Litchfield has reported two security issues in Oracle Database, which can be exploited by malicious users to gain escalated privileges and compromise a vulnerable system. 1) Access to procedures within the "DBMS_JVM_EXP_PERMS" package is not restricted, which can be exploited to modify the Java policy table via the "IMPORT_JVM_PERMS" procedure. This can be exploited to e.g. execute arbitrary operating system commands. 2) An error in the argument handling of the "DBMS_JAVA.SET_OUTPUT_TO_JAVA" procedure can be exploited to execute SQL commands as the SYS user. This can be exploited to gain DBA user privileges. NOTE: Successful exploitation allows bypassing Oracle Label Security. |
| Solution |
Apply patches (please see the vendor's advisory for details). |
| Reported by |
David Litchfield |
| Original Advisory |
Oracle: https://media.blackhat.com/bh-dc-10/video/Litchfield_David/BlackHat-DC-2010-Litchfield-Oracle11g-video.m4v |
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.