Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [Argeniss] Oracle 9R2 Unpatched vulnerability on CWM2_

from [Cesar] Network Security [Permanent Link]
Subject: [Full-disclosure] [Argeniss] Oracle 9R2 Unpatched vulnerability on CWM2_OLAP_AW_AWUTIL package
Date: Fri, 22 Jul 2005 15:15:03 -0700 (PDT) 
Oracle 9R2 Unpatched vulnerability on
CWM2_OLAP_AW_AWUTIL package 


Date: 07/22/2005


Esteban Martinez Fayo (member of Argeniss security
research team) reported a security 
vulnerability to Oracle some months ago, the
vulnerability is on OLAPSYS.CWM2_OLAP_AW_AWUTIL 
package affecting Oracle Database Server 9iR2 and 10g.
A couple of days before July CPU was 
released Oracle told us that July CPU will fix the
reported vulnerability. After July CPU was 
relesed we tested it in our systems and we found that
the patch doesn't fix the vulnerability 
on Oracle 9iR2, that's because Oracle didn't include a
fix for the vulnerability on 9iR2, the 
Oracle Database Server Risk Matrix indicates that the
Earliest Supported Release Affected is 10g 
which is complete wrong since 9iR2 is affected by the
vulnerability.

We contacted Oracle about this issue and Oracle
confirmed it, when we asked why there is no fix 
for 9iR2, Oracle said:

"Our development teams neglected to do the backports.
We are working on creating those backports now."

Also Oracle said that the fix will be released on
October CPU.
Because we feel Oracle doesn't care to protect
customers we decided to provide a workaround 
until a patch is available on October or who knows
when, maybe the development teams neglect again!


This is a high risk vulnerability, any database user
can cause a DOS. 

Here you can find a workaround:  
http://www.argeniss.com/research/CWM2_OLAP_AW_AWUTILWorkaround.sql



BTW: Don't miss these talks at Black Hat if you want
to know more about Oracle (IN)security:

http://www.blackhat.com/html/bh-usa-05/bh-usa-05-speakers.html#Cerrudo
http://www.blackhat.com/html/bh-usa-05/bh-usa-05-speakers.html#Fayo
http://www.blackhat.com/html/bh-usa-05/bh-usa-05-speakers.html#Kornbrust


Any questions to: cesar>at<argeniss>dot<com


Cesar Cerrudo
CEO, Founder
Argeniss (http://www.argeniss.com)



                
____________________________________________________
Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 
 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [Argeniss] Oracle 9R2 Unpatched vulnerability on CWM2_OLAP_AW_AWUTIL package, Cesar <=
Previous by Date:  [PTsecurity] MaxPatrol Network Security Scanner - Free unlimited version has been released., Alexander Anisimov
Next by Date:  Re: Peter Gutmann data deletion theaory?, Volker Tanger
Previous by Thread:  [PTsecurity] MaxPatrol Network Security Scanner - Free unlimited version has been released., Alexander Anisimov
Next by Thread:  User privilege escalation exploit., sunos5 . 8
Indexes:  [Date] [Thread] [Top] [All Lists]