Oracle Database Server Change Data Capture Component DBMS_CDC_SUBSCRIBE SUBSCRIPTION_NAME Parameter SQL Injection

2005-04-18T00:00:00
ID OSVDB:15553
Type osvdb
Reporter Esteban Martinez Fayo (info@appsecinc.com)
Modified 2005-04-18T00:00:00

Description

Vulnerability Description

Oracle Database Server contains a flaw that may allow a remote attacker to inject or manipulate SQL queries. The issue is due to the 'SUBSCRIPTION_NAME' parameter in the 'DBMS_CDC_SUBSCRIBE' package not being properly sanitized.

Solution Description

Oracle has released a patch that attempted to fix this vulnerability. Subsequent testing has revealed that the actual source of the problem lies within the underlying Java class files. The April patch fails to properly load the newer patched classes, which means that these problems can still be exploited on some versions. Oracle 10g systems with patchset 2 and the April patch applied have been tested, and that combination appears to mitigate the issue.

References:

Vendor URL: http://www.oracle.com/
Vendor Specific Advisory URL
Security Tracker: 1013693
Secunia Advisory ID: 14935
Related OSVDB ID: 15735
Other Advisory URL: http://www.securiteam.com/securitynews/5VP0P0AFGM.html
Other Advisory URL: http://www.securiteam.com/exploits/5ZP0T0AFGI.html
Other Advisory URL: http://www.appsecinc.com/resources/alerts/oracle/2005-02.html
Nessus Plugin ID: 18034
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0007.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0384.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0179.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0093.html
Keyword: DB02
Keyword: Critical Patch Update - April 2005
ISS X-Force ID: 20159
CVE-2005-4832
Bugtraq ID: 13236