[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[DSECRG-09-010] Oracle 10g CTXSYS.DRVXTABC - plsql injection

Digital Security Research Group [DSecRG] Advisory       #DSECRG-09-010

Application:                    Oracle Database 10G 
Versions Affected:              Oracle,,,
Vendor URL:                     http://oracle.com
Bugs:                           PL/SQL Injections
Exploits:                       YES
Reported:                       29.01.2008
Vendor response:                31.01.2008 
CVE:                            CVE-2009-1991 
SVSS2:                          3.6               
Date of Public Advisory:        26.10.2009
Authors:                        Alexandr Polyakov
                                Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)


Oracle Database 10G and 9g vulnerable to PL/SQL Injection.
PL/SQL Injection found in procedure ctxsys.drvxtabc.create_tables


PL/SQL Injection found in procedure ctxsys.drvxtabc.create_tables 

ctxsys.drvxtabc.create_tables  has 3 parameters 

 idx_owner - varchar2
 idx_name  - varchar2
 idxid - number

idx_owner and idx_name are vulnerable to SQL Injection


exec ctxsys.drvxtabc.create_tables('SH"."SH2KERR" (X NUMBER)--','yyyyyyyyy',2);

Fix Information

Information was published in CPU October 2009.
All customers can download CPU patches following instructions from: 



Oracle give a credits for Alexander Polyakov from Digital Security Company in CPU October 2009.


Current advisory:


Digital Security is one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.

Contact:        research [at] dsecrg [dot] com