
There are 20 visitors online
Services \| Portal \| White Papers \| Scripts \| Tools \| Newsletter \| Information \| Alerts \| Search \| Weblog / Forum \| What's New About Us Consulting Services Training Courses Oracle Security Research Database Policy Partners Products Careers Pete Finnigan Contact Details Events Oracle Security Database Security Database Software Security Web Development Programming Off Topic Oracle Security Oracle Security (Page 2) Others Ramblings Oracle Security Tips SQL and PL/SQL Unix Tools Audit Tools Default Password Checker Default Password List Oracle Security Scanner Subscribe Un-Subscribe Recent Newsletters Web Links Books Oracle Newsgroups Oracle Blogs Oracle news Feedback / Enquiries Guestbook Site Map Site Statistics WebLog Forum Security Issues Database What's New Register for Updates PeteFinnigan.com in the news

Pete Finnigan's Oracle security weblog

Home » Archives » April 2007 » Bunker has released a 0-day Oracle exploit

[Previous entry: "2 new exploits for Oracle"] [Next entry: "Argeniss have released a simple Oracle root kit"]

Bunker has released a 0-day Oracle exploit

April 2nd, 2007 by Pete

Post to del.icio.us Post to Furl

I saw today via Alex, Milw0rm and Bugtraq that Andrea "bunker" Purificato has released a new exploit in DBMS_AQ.ENQUEUE for 10gR1, version 10.1.0.3.0. The [0-day] Remote Oracle DBMS_AQ.ENQUEUE exploit (10g) is written in Perl and the example uses a payload of granting ALL PRIVILEGES and DBA to the supplied Oracle user account. I am a bit confused at the 0-day title as the post also includes a reference to the patch for the Jan CPU 2007 - CVE-2007-0268.

There has been 2 Comments posted on this article

April 2nd, 2007 at 09:48 pm

bunker says:

crazy Sorry for mistake. I meant "first public exploit" with word "0day"... hehe

April 3rd, 2007 at 06:02 pm

Pete says:

I guessed that was what you meant, thanks for the update.

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Weblog Home
Weblog Archives

Oracle Security Step-by-Step (Version 2.0)

Home
Oracle Security Tools page
Oracle security papers
Oracle Security alerts

Web Development
SQL Server Security

Pete Finnigan's Oracle security weblog

Bunker has released a 0-day Oracle exploit

About

Search weblog

Home and Archives

Recommended reading

Useful links

Other useful blogs

Syndication - Feeds

Other Links