SQL Injection in package DBMS_AQADM_SYS
Details

The package DBMS_AQADM_SYS contains a SQL injection vulnerability: the procedure GRANT_TYPE_ACCESS concatenates its USER_NAME parameter into the GRANT statements it passes to EXECUTE_STMT.

    PROCEDURE GRANT_TYPE_ACCESS(
        USER_NAME IN VARCHAR2)
    IS
        GRANT_TXT VARCHAR2(100);
        GRANT_OPT VARCHAR2(20) := ' with grant option';
    BEGIN
        EXECUTE_STMT('grant execute on sys.aq$_agent to '|| USER_NAME||GRANT_OPT);
        EXECUTE_STMT('grant execute on sys.aq$_dequeue_history to '|| USER_NAME||GRANT_OPT);
        EXECUTE_STMT('grant execute on sys.aq$_subscribers to '|| USER_NAME||GRANT_OPT);
        EXECUTE_STMT('grant execute on sys.aq$_recipients to '|| USER_NAME||GRANT_OPT);
        EXECUTE_STMT('grant execute on sys.aq$_history to '|| USER_NAME||GRANT_OPT);
        EXECUTE_STMT('grant execute on sys.aq$_dequeue_history to '|| USER_NAME||GRANT_OPT);
        [...]

Patch Information

Apply the patches for Oracle CPU April 2009.

History

14-apr-2009 Oracle published CPU April 2009 [CVE-2009-0977]
14-apr-2009 Advisory published

© 2009 by Red-Database-Security GmbH - last update 14-apr-2009
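
For comparison with the GRANT_TYPE_ACCESS listing above, the following added example (not part of the original advisory and not Oracle's patched code) shows one way to validate the grantee with DBMS_ASSERT before it is concatenated into dynamic DDL. The procedure name GRANT_TYPE_ACCESS_CHECKED is hypothetical, and EXECUTE IMMEDIATE is assumed as a stand-in for the package's internal EXECUTE_STMT.

```sql
-- Added example; GRANT_TYPE_ACCESS_CHECKED is a hypothetical name,
-- not Oracle's patched code.
CREATE OR REPLACE PROCEDURE grant_type_access_checked (
    user_name IN VARCHAR2
) IS
    TYPE name_list IS TABLE OF VARCHAR2(64);

    -- Distinct object names from the advisory's listing.
    -- These are fixed in the code and never taken from the caller.
    objects   CONSTANT name_list := name_list(
        'sys.aq$_agent',
        'sys.aq$_dequeue_history',
        'sys.aq$_subscribers',
        'sys.aq$_recipients',
        'sys.aq$_history');

    grant_opt CONSTANT VARCHAR2(20) := ' with grant option';
    grantee   VARCHAR2(130);
BEGIN
    -- SIMPLE_SQL_NAME raises ORA-44003 unless the input is exactly one
    -- identifier, so extra SQL text never reaches the GRANT statement.
    -- ENQUOTE_NAME then double-quotes the name (upper-casing unquoted
    -- input), so it can only be parsed as a single grantee name.
    grantee := DBMS_ASSERT.ENQUOTE_NAME(
                   DBMS_ASSERT.SIMPLE_SQL_NAME(user_name));

    FOR i IN 1 .. objects.COUNT LOOP
        -- Assumption: EXECUTE IMMEDIATE stands in for EXECUTE_STMT.
        EXECUTE IMMEDIATE
            'grant execute on ' || objects(i) ||
            ' to ' || grantee || grant_opt;
    END LOOP;
END grant_type_access_checked;
/
```

Validation happens once, before the loop, so a rejected name raises the exception before any grant is issued.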