Oracle CTXSYS Package DRILOAD SQL Injection

2004-09-03T19:18:33
ID OSVDB:9819
Type osvdb
Reporter Alexander Kornbrust(ak@red-database-security.com)
Modified 2004-09-03T19:18:33

Description

Vulnerability Description

Oracle Database Server contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that unprivilege users (including default accounts) may execute arbitrary SQL queries via the "ctxsys.driload" module. The server does not require any additional authentication and will allow an attacker to inject or manipulate SQL queries.

Solution Description

Upgrade to version R1 10.1.0.3 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workarounds:

  1. Remove the ctxsys account if it is not needed:

SQL> Drop user ctxsys

  1. Revoke privileges to the ctxsys.driload object:

SQL> revoke grant ctxsys.driload from public

Short Description

Oracle Database Server contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that unprivilege users (including default accounts) may execute arbitrary SQL queries via the "ctxsys.driload" module. The server does not require any additional authentication and will allow an attacker to inject or manipulate SQL queries.

References:

Vendor URL: http://www.oracle.com/ Vendor Specific Advisory URL US-CERT Cyber Security Alert: TA04-245A Secunia Advisory ID:12409 Other Advisory URL: http://www.red-database-security.com/advisory/advisory_20040903_1.htm Other Advisory URL: http://www.idefense.com/application/poi/display?id=136&type=vulnerabilities Other Advisory URL: http://www.securiteam.com/securitynews/5FP022KE0W.html Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0041.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0093.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0179.html Keyword: Red Database Security Issue 1 Generic Informational URL: http://www.computerworld.com/securitytopics/security/story/0,10801,95013,00.html CVE-2004-0637 CIAC Advisory: o-209 CERT VU: 316206 Bugtraq ID: 11099