
Pete Finnigan's Oracle security weblog



Oracle is advising customers to patch the last CPU very quickly

January 25th, 2006 by Pete


Oracle Advises Users: Patch Critical Hole—Now! - By Paul F. Roberts

"Oracle is advising its customers to quickly apply a critical database patch the company issued last week. Security experts warn the hole could allow even unsophisticated users to take control of Oracle databases.

The patch, known as DB18, fixes a hole that affects most supported versions of the Oracle database software, including Oracle versions 8, 9 and 10. The hole is "very severe" and allows users to bypass the Oracle database's authentication and become administrative "super users," according to Shlomo Kramer, CEO of Imperva, which discovered the hole. However, Kramer and others say Oracle may be downplaying the seriousness of the threat out of concern that malicious hackers could be tipped off to the severity of the issue."


This is a discussion of the recent CPU January 2006 and in particular the DB18 bug. This is the one discovered by Imperva whereby arbitrary SQL can be sent to the server and executed as SYS. This means any authenticated user can escalate to a DBA.

This bug is easy to exploit. I have an example exploit that I created easily.
