Application Security Inc. - Database Security, Monitoring, Assessment, Auditing, Encryption, and Regulatory Compliance.
 
 
 

Team SHATTER Security Alert

Oracle Oct CPU - Vulnerable Procedures

November 3, 2005

To determine if you are vulnerable to this attack, download AppDetective from http://www.appsecinc.com/products/appdetective/oracle

Multiple high risk vulnerabilities were reported in the Oracle Critical Patch Update for October 2005. The following database package procedures are vulnerable to buffer overflow and DoS attacks:

DBMS_SNAPSHOT.UNREGISTER_MVIEW
DBMS_SNAPSHOT.REGISTER_MVIEW
DBMS_SNAPSHOT.UNREGISTER_SNAPSHOT
DBMS_SNAPSHOT.REGISTER_SNAPSHOT
DBMS_SNAPSHOT_UTL.UNREGISTER_SNAPSHOT
DBMS_SNAPSHOT_UTL.REGISTER_SNAPSHOT
PBSDE.INIT
KUPW$WORKER.MAIN
KUPW$WORKER.RECREATE_DDL
KUPM$MCP.METADATA_FILTER

The following procedures are vulnerable to PL/SQL injection:

SDO_IDX.IMP_EXP
SDO_IDX.CMT_IDX_CHNGS
SDO_PRIDX.GEN_RID_RANGE_BY_AREA
SDO_PRIDX.GEN_RID_RANGE
SAMCLUST_IMP_T.ODCITABLESTART
SAMCLUST_IMP_T.PREDICATED_JOIN
SAMCLUST_IMP_T.BEST_AGGREGATE_LOCATIONS
SAMCLUST_IMP_T.SIMPLIFY_GEOMETRY
SAMCLUST_IMP_T.BIN_GEOMETRY
SAMCLUST_IMP_T.BIN_LAYER
SAMCLUST_IMP_T.AGGREGATES_FOR_GEOMETRY
SAMCLUST_IMP_T.AGGREGATES_FOR_LAYERS
SAMCLUST_IMP_T.TILED_AGGREGATES
MDPRVT_IDX.EXECUTE_INSERT
MDPRVT_IDX.EXECUTE_DELETE
MDPRVT_IDX.EXECUTE_UPDATE
MDPRVT_IDX.EXECUTE_GUPDATE
MDPRVT_IDX.CRT_DUMMY_IDX
MDPRVT_IDX.EXCHANGE
SDO_TPIDX.INDEX_UPDATE
SDO_TPIDX.INDEX_INSERT
SDO_TPIDX.INDEX_DELETE
SDO_TPIDX.ODCIINDEXSPLITPARTITION
RTREE_IDX.INDEX_TRUNCATE
RTREE_IDX.POPULATE_ROOT_MBRS
SDO_TUNE.AVG_DELTAS_FOR_LAYER
SDO_TUNE.EXTENT_OF_LAYERS
SDO_TUNE.ESTIMATE_TILING_LEVEL
SDO_TUNE.EXTENT_OF
SDO_TUNE.AVERAGE_MBR
SDO_TUNE.HISTOGRAM_ANALYSIS
SDO_TUNE.MIX_INFO
SDO_TUNE.SETUP_TEMP_LAYER
SDO_TUNE.SAMPLE_GEOMS
SDO_TUNE.CLEANUP_TEMP_LAYER
SDO_TUNE.ESTIMATE_TILING_TIME
SDO_TUNE.ESTIMATE_TOTAL_NUMTILES
SDO_TUNE.ESTIMATE_INDEX_PERFORMANCE
SDO_TUNE.AVG_DELTAS_OF_OBJECTS
SDO_TUNE.EXTENT_OF_OBJECTS
SDO_TUNE.ESTIMATE_TILING_LEVEL
SDO_TUNE.EXTENT_OF
SDO_TUNE.AVERAGE_MBR
SDO_TUNE.SETUP_TEMP_TABLE
SDO_TUNE.SAMPLE_GEOMS
SDO_TUNE.CLEANUP_TEMP_TABLE
SDO_TUNE.ESTIMATE_RTREE_INDEX_SIZE
SDO_UTIL.PREPARE_FOR_TTS
SDO_UTIL.SDO_JOIN
MD2.TESSELLATE_FIXED
MD2.TESSELLATE
SDO_GEOR_UTL.CREATEDMLTRIGGER
DBMS_EXPORT_EXTENSION.GET_V2_DOMAIN_INDEX_TABLES
DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_TABLES
DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_METADATA
DBMS_METADATA_INT.NEW_SYSTEM_TRANSFORM_ENTRY
DBMS_METADATA_INT.FETCH_VIEW_ERRORS
DBMS_STATS.EXECUTE_COUNT_LSCALABLE_VALUES
KUPF$FILE.ADD_TDX_ROW_CB
KUPF$FILE.GETJOBINFOR

Note: Some sources claim this patch may not fully address each of the reported issues. See www.securityfocus.com/archive/1/413827/30/0/threaded.

WARNING! A public exploit for the buffer overflow in PBSDE.INIT is available on the internet.
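An exposure inventory for the packages named in the two lists above. This is an added example, not part of the original alert or of any AppSecInc tool. It assumes an account that can read the DBA_OBJECTS and DBA_TAB_PRIVS dictionary views, and it matches on object name under any owner, since the alert gives no schema names.

```sql
-- Added example: who holds EXECUTE on the packages named in this alert.
-- Package names are taken from the alert's two lists; the rest is illustrative.
WITH alert_pkgs AS (
  SELECT 'DBMS_SNAPSHOT' AS pkg, 'buffer overflow/DoS' AS issue FROM dual UNION ALL
  SELECT 'DBMS_SNAPSHOT_UTL',     'buffer overflow/DoS' FROM dual UNION ALL
  SELECT 'PBSDE',                 'buffer overflow/DoS' FROM dual UNION ALL
  SELECT 'KUPW$WORKER',           'buffer overflow/DoS' FROM dual UNION ALL
  SELECT 'KUPM$MCP',              'buffer overflow/DoS' FROM dual UNION ALL
  SELECT 'SDO_IDX',               'PL/SQL injection'    FROM dual UNION ALL
  SELECT 'SDO_PRIDX',             'PL/SQL injection'    FROM dual UNION ALL
  SELECT 'SAMCLUST_IMP_T',        'PL/SQL injection'    FROM dual UNION ALL
  SELECT 'MDPRVT_IDX',            'PL/SQL injection'    FROM dual UNION ALL
  SELECT 'SDO_TPIDX',             'PL/SQL injection'    FROM dual UNION ALL
  SELECT 'RTREE_IDX',             'PL/SQL injection'    FROM dual UNION ALL
  SELECT 'SDO_TUNE',              'PL/SQL injection'    FROM dual UNION ALL
  SELECT 'SDO_UTIL',              'PL/SQL injection'    FROM dual UNION ALL
  SELECT 'MD2',                   'PL/SQL injection'    FROM dual UNION ALL
  SELECT 'SDO_GEOR_UTL',          'PL/SQL injection'    FROM dual UNION ALL
  SELECT 'DBMS_EXPORT_EXTENSION', 'PL/SQL injection'    FROM dual UNION ALL
  SELECT 'DBMS_METADATA_INT',     'PL/SQL injection'    FROM dual UNION ALL
  SELECT 'DBMS_STATS',            'PL/SQL injection'    FROM dual UNION ALL
  SELECT 'KUPF$FILE',             'PL/SQL injection'    FROM dual
)
SELECT o.owner,
       o.object_name,
       o.object_type,
       a.issue,
       NVL(p.grantee, '(no direct grant)') AS grantee,
       -- A grant to PUBLIC means every database account can call the package.
       CASE WHEN p.grantee = 'PUBLIC' THEN 'YES' ELSE 'NO' END AS any_user
FROM   alert_pkgs a
JOIN   dba_objects o
       ON  o.object_name = a.pkg
       -- Assumption: a listed name may be an object type rather than a package.
       AND o.object_type IN ('PACKAGE', 'TYPE')
LEFT JOIN dba_tab_privs p
       ON  p.owner      = o.owner
       AND p.table_name = o.object_name
       AND p.privilege  = 'EXECUTE'
ORDER BY any_user DESC, o.owner, o.object_name, grantee;
```

Rows with `any_user = 'YES'` are the ones reachable by any authenticated account and are the first to confirm as patched. A grantee may be a role, so role membership still has to be resolved separately.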

References:
www.red-database-security.com/advisory/details_oracle_cpu_october
www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html
www.red-database-security.com/advisory/oracle_workflow_css_wf_route.html
www.red-database-security.com/advisory/oracle_workflow_css_wf_monitor.html
www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/84_e.html
www.spidynamics.com/spilabs/advisories/oracle-emagentoverflow.html