Oracle Database Upgrade & Downgrade DBMS_REGISTRY Multiple Procedure SQL Injection

2006-01-17T04:32:39
ID OSVDB:22566
Type osvdb
Reporter OSVDB
Modified 2006-01-17T04:32:39

Description

Vulnerability Description

Oracle Database Server contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the DBMS_REGISTRY package not properly sanitizing user-supplied input to the IS_COMPONENT, GET_COMP_OPTION, DISABLE_DDL_TRIGGERS, SCRIPT_EXISTS, COMP_PATH, GATHER_STATS, NOTHING_SCRIPT or VALIDATE_COMPONENTS procedures. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch (Jan2006 Critical Patch Update) to address this vulnerability.

Short Description

Oracle Database Server contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the DBMS_REGISTRY package not properly sanitizing user-supplied input to the IS_COMPONENT, GET_COMP_OPTION, DISABLE_DDL_TRIGGERS, SCRIPT_EXISTS, COMP_PATH, GATHER_STATS, NOTHING_SCRIPT or VALIDATE_COMPONENTS procedures. This may allow an attacker to inject or manipulate SQL queries in the backend database.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:18493 Secunia Advisory ID:18608 Other Advisory URL: http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html News Article: http://news.com.com/Oracle+fixes+pile+of+bugs/2100-1002_3-6027847.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-01/0420.html Keyword: Document ID: c00593668 Keyword: HPSBMA02094 Keyword: SSRT061104 Keyword: DB28 FrSIRT Advisory: ADV-2006-0243 FrSIRT Advisory: ADV-2006-0323 CVE-2006-0271 CERT VU: 545804 Bugtraq ID: 16287