We publish 3 new Oracle exploits

We are happy to announce that 3 new Oracle Database vulnerability exploits were found (CPU April 2008). Advisory about those vulnerabilities was published by Esteban Martinez Fayo from Application Security.

Brief text from advisory:

“Oracle Database provides the “LT” PL/SQL package that is part of the Oracle Workspace Manager component. This package has multiple instances of SQL Injection in COMPRESSWORKSPACETREE, MERGEWORKSPACE and REMOVEWORKSPACE procedures. Depending on what Oracle Workspace Manager release is installed, this PL/SQL package is owned by SYS (on older releases) or by WMSYS (on newer releases). A malicious user can call the vulnerable procedures of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the package owner, depending on the system configuration it can be SYS or WMSYS”

Our exploits not only give DBA rights to unprivileged user but also execute Operation System commands (creates new user) using 3 different methods.

Exploits can be downloaded from our site or from milw0rm.com

Do you want more?

Subscribe me to your mailing list