Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV

from [Kornbrust, Alexander] Network Security [Permanent Link]
Subject: [Full-disclosure] Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT
Date: Wed, 18 Jan 2006 01:04:03 +0100 
Oracle forgot to inform me that these vulnerabilities are also fixed.

#####

http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$
ft.html

###############################
SQL Injection in package SYS.KUPV$FT

Name          SQL Injection in package SYS.KUPV$FT
Affected        Oracle 10g Release 1
Severity        High Risk
Category        SQL Injection
Vendor URL      http://www.oracle.com/
Author  Alexander Kornbrust (ak at red-database-security.com)
Advisory        17 Jan 2006 (V 1.00)


Details:
########
The package SYS.KUPV$FT contains 3 SQL injection vulnerabilities in the
functions ATTACH_JOB, OPEN_JOB, HAS_PRIVS. Oracle fixed these
vulnerabilities with the package dbms_assert.




Patch Information:
##################
Apply the patches for Oracle CPU Jan 2006 on top of Oracle 10g Release
1.


History:
########
01-nov-2005 Oracle secalert was informed
02-nov-2005 Oracle secalert asked for an exploit
17-jan-2006 Oracle published CPU January 2006
17-jan-2006 Advisory published



(c) 2006 by Red-Database-Security GmbH
http://www.red-database-security.com/advisory/published_alerts.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT, Kornbrust, Alexander <=
Previous by Date:  [Full-disclosure] Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT, Kornbrust, Alexander
Next by Date:  Re: [Full-disclosure] Vulnerability/Penetration Testing Tools, H D Moore
Previous by Thread:  [Full-disclosure] Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT, Kornbrust, Alexander
Next by Thread:  [Full-disclosure] Startup company, Shyaam
Indexes:  [Date] [Thread] [Top] [All Lists]