[ERPSCAN-08-004] Oracle Database 10g — Code Execution and SQL injection

DSECRG Advisories

Application: Oracle Database
Versions Affected: Oracle Database 10g R1
Vendor URL: http://oracle.com/
Bugs: SQL Injection, Buffer Overflow
Exploits: YES
Reported: 18.12.2007
Vendor response: 20.12.2007
Date of Public Advisory: 16.01.2008
Author: Alexandr Polyakov

Buffer overflow in the xDb.XDB_PITRIG_PKG.PITRIG_DROP and xDb.XDB_PITRIG_PKG.TRUNCATE procedures in Oracle 10g R1 allows remote authenticated users to execute arbitrary code via long arguments such as “Name” and “Owner”.
SQL injection in the xDb.XDB_PITRIG_PKG.PITRIG_DROP and xDb.XDB_PITRIG_PKG.TRUNCATE procedures. Vulnerable parameters include “Name” and “Owner”.
The vulnerability allows remote authenticated users to execute SQL code with the privileges of the XDB user.
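
An added example, not part of the original advisory: a Python check that scans captured SQL statement text for calls to the two procedures and flags arguments that are not plain Oracle identifiers of at most 30 bytes (the 10g identifier limit). The statement format, the two-argument call shape in the samples and the identifier heuristic are assumptions.

```python
import re

# Procedures named in the advisory; the XDB schema prefix is optional in the match.
CALL_RE = re.compile(
    r"\b(?:XDB\s*\.\s*)?XDB_PITRIG_PKG\s*\.\s*(PITRIG_DROP|TRUNCATE)\s*\((.*)\)",
    re.IGNORECASE | re.DOTALL,
)
# A single-quoted SQL string literal; '' is an escaped quote inside it.
LITERAL_RE = re.compile(r"'((?:[^']|'')*)'")
# Assumption: legitimate Name/Owner values are plain Oracle identifiers,
# which in 10g are at most 30 bytes of letters, digits, _, $ and #.
IDENT_RE = re.compile(r"[A-Za-z][A-Za-z0-9_$#]*\Z")
MAX_IDENT_BYTES = 30


def inspect_statement(sql):
    """Return a list of (procedure, reason, argument_preview) findings."""
    findings = []
    match = CALL_RE.search(sql)
    if not match:
        return findings
    proc, arg_text = match.group(1).upper(), match.group(2)
    literals = [m.replace("''", "'") for m in LITERAL_RE.findall(arg_text)]
    if not literals:
        # Bind variables or expressions: the values are not visible here.
        findings.append((proc, "arguments not literal, review manually", arg_text[:40]))
    for value in literals:
        if len(value.encode("utf-8")) > MAX_IDENT_BYTES:
            findings.append((proc, "argument longer than 30 bytes", value[:40]))
        elif not IDENT_RE.match(value):
            findings.append((proc, "argument is not a plain identifier", value[:40]))
    return findings


# Constructed sample statements (not taken from a real audit trail).
SAMPLE = [
    "BEGIN xdb.xdb_pitrig_pkg.pitrig_drop('SCOTT', 'EMP'); END;",
    "BEGIN XDB.XDB_PITRIG_PKG.PITRIG_DROP('SCOTT', '" + "A" * 200 + "'); END;",
    "BEGIN XDB.XDB_PITRIG_PKG.TRUNCATE('SCOTT'' x', 'EMP'); END;",
    "SELECT ename FROM scott.emp",
]

if __name__ == "__main__":
    for stmt in SAMPLE:
        for finding in inspect_statement(stmt):
            print(finding)
```

Quoted identifiers with unusual characters will also be flagged, so treat a finding as a prompt for review rather than proof of abuse.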

Business Risk
A legitimate database user can escalate privileges and gain unauthorized access to business-critical data.