Download free trial version of Repscan from Sentrigo

Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published AlertsRSS Published Alerts
Upcoming AlertsRSS Published Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap


Search



Search Red-Database-Security
SQL Injection in package DBMS_AQADM_SYS

Name SQL Injection in package DBMS_AQADM_SYS [CVE-2009-0977]
Systems Affected Oracle 9.2.0.8 - 10.2.0.3
Severity Medium Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Franz Hüll (fh at red-database-security.com)
CVE CVE-2009-0977
Advisory 14 April 2009 (V 1.00)


Details
The package DBMS_AQADM_SYS contains a SQL injection vulnerability.

PROCEDURE GRANT_TYPE_ACCESS( USER_NAME IN VARCHAR2) IS

GRANT_TXT VARCHAR2(100);
GRANT_OPT VARCHAR2(20) := ' with grant option';
BEGIN

EXECUTE_STMT( 'grant execute on sys.aq$_agent to '|| USER_NAME||GRANT_OPT);
EXECUTE_STMT('grant execute on sys.aq$_dequeue_history to '|| USER_NAME||GRANT_OPT);
EXECUTE_STMT('grant execute on sys.aq$_subscribers to '|| USER_NAME||GRANT_OPT);
EXECUTE_STMT('grant execute on sys.aq$_recipients to '|| USER_NAME||GRANT_OPT);
EXECUTE_STMT('grant execute on sys.aq$_history to '|| USER_NAME||GRANT_OPT);
EXECUTE_STMT('grant execute on sys.aq$_dequeue_history to '|| USER_NAME||GRANT_OPT);

[...]


Patch Information
Apply the patches for Oracle CPU April 2009.


History
14-apr-2009 Oracle published CPU April 2009 [CVE-2009-0977]
14-apr-2009 Advisory published


2009 by Red-Database-Security GmbH - last update 14-apr-2009