|
Services
Oracle Audit / Hardening
Security Training
Consulting
Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts
News & Events
Events
News
Company
Contact
People
Partner
Impressum
Sitemap
Search
|
SQL Injection in package SYS.DBMS_LOGMNR_SESSION
| Name |
SQL Injection in package SYS.DBMS_LOGMNR_SESSION |
| Systems Affected |
Oracle Database |
| Severity |
High Risk |
| Category |
SQL Injection (DB06) |
| Vendor URL |
http://www.oracle.com/ |
| Author |
Alexander Kornbrust (ak at red-database-security.com) |
| Advisory |
18 April 2006 (V 1.00) |
| Oracle Bugid |
6980723 |
Details
The package SYS.DBMS_LOGMNR_SESSION contains SQL injection vulnerabilities.
Package |
Function/Procedure |
Vulnerability / Change |
| DBMS_LOGMNR_SESSION |
DELETE_FROM_TABLE |
SQL Injection fixed via DBMS_ASSERT |
Patch Information
Apply the patches for Oracle CPU April 2006 on top of Oracle 9i Release 2 or Oracle 10g Release 1.
History
01-nov-2005 Oracle secalert was informed
02-nov-2005 Oracle secalert asked for an exploit
18-apr-2006 Oracle published CPU April 2006
18-apr-2006 Advisory published
© 2006 by Red-Database-Security GmbH - last update 18-apr-2006
|
