Oracle Database DBMS_JVM_EXP_PERMS Package and Java Wrapper() Allows Remote Authenticated Users to Execute Arbitrary Commands
SecurityTracker Alert ID: 1023557
SecurityTracker URL: http://securitytracker.com/id/1023557
CVE Reference: GENERIC-MAP-NOMATCH
Date: Feb 9 2010
Impact:
Execution of arbitrary code via network, User access via network
Exploit Included: Yes
Version(s): 11g R1
Description:
A vulnerability was reported in Oracle Database. A remote authenticated user can execute arbitrary commands on the target system.
A remote authenticated user with no special privileges can invoke the IMPORT_JVM_PERMS procedure of the DBMS_JVM_EXP_PERMS package to update the permissions listed in the Java policy table, granting that user permission to execute arbitrary OS commands.
The remote authenticated user can then invoke the Wrapper() class to execute arbitrary OS commands.
The remote authenticated user can also gain elevated privileges on the target database.
The original advisory is available at:
https://media.blackhat.com/bh-dc-10/video/Litchfield_David/BlackHat-DC-2010-Litchfield-Oracle11g-video.m4v
David Litchfield reported this vulnerability.
Impact:
A remote authenticated user can execute arbitrary commands on the target system.
A remote authenticated user can also gain elevated privileges on the target database.
Solution:
No solution was available at the time of this entry.
Vendor URL: www.oracle.com/
Cause:
Access control error, Configuration error
Underlying OS:
Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000), Windows (2003), Windows (XP)
Message History:
None.
Source Message Contents
Date: Tue, 09 Feb 2010 06:58:31 +0000
Subject: Oracle Database
https://media.blackhat.com/bh-dc-10/video/Litchfield_David/BlackHat-DC-2010-Litchfield-Oracle11g-video.m4v