Team SHATTER Security Advisory: Multiple SQL Injection vulnerabilities in Oracle Enterprise Manager
July 22, 2009
Oracle Enterprise Manager Database Control 11 (220.127.116.11, 18.104.22.168) and Oracle Enterprise Manager 10g Grid Control 10.2.0.4 (and previous patchsets)
Yes (Authentication is needed)
This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc.
SQL Injection works by attempting to modify the parameters passed to an application to change the SQL statements that are passed to a database. SQL injection can be used to insert additional SQL statements to be executed.
The Type, snapshot and table parameters used in the web page /em/console/ecm/history/configHistory and the fConfigGuid parameter used in /em/console/ecm/config/compare/compareWizSecondConfig are vulnerable to SQL Injection attacks. These web pages are part of the Oracle Enterprise Manager web application. It may be possible for a malicious user to execute a function with the elevated privileges of the SYSMAN database user in the repository database. This user has the DBA role granted.
This vulnerability allows an Oracle Enterprise Manager user with VIEW (or more) privileges to execute a function call with the elevated privileges of the SYSMAN database user.
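For reviewing web access logs from before the patch was applied, the following added example (not part of the original advisory) flags requests to the two pages named above whose Type, snapshot, table or fConfigGuid values fall outside an allowlist. The combined log format, the allowlist pattern and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Pages and parameters named in the advisory.
WATCHED = {
    "/em/console/ecm/history/configHistory": {"Type", "snapshot", "table"},
    "/em/console/ecm/config/compare/compareWizSecondConfig": {"fConfigGuid"},
}
# Assumption: legitimate values are short identifier-like tokens.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]{0,64}")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return (path, parameter, decoded value) for each watched parameter
    whose value falls outside the allowlist."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    path = url.path.split(";", 1)[0]  # drop any ;jsessionid=... suffix
    hits = []
    # parse_qsl percent-decodes values, so encoded quotes are seen as quotes.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in WATCHED.get(path, ()) and not SAFE_VALUE.fullmatch(value):
            hits.append((path, name, value))
    return hits

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = [
    '10.0.0.5 - - [20/Jul/2009:10:01:02 +0000] "GET /em/console/ecm/history/'
    'configHistory?Type=oracle_database&snapshot=A1B2C3 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [20/Jul/2009:10:03:40 +0000] "GET /em/console/ecm/history/'
    'configHistory?Type=oracle_database&table=T1%27%20OR%20%271%27%3D%271 '
    'HTTP/1.1" 200 5120',
    '10.0.0.5 - - [20/Jul/2009:10:05:11 +0000] "GET /em/console/ecm/config/'
    'compare/compareWizSecondConfig?fConfigGuid=0A1B2C3D HTTP/1.1" 200 811',
    '10.0.0.9 - - [20/Jul/2009:10:06:27 +0000] "GET /em/console/ecm/config/'
    'compare/compareWizSecondConfig?fConfigGuid=0A1B2C3D%27%29 HTTP/1.1" 500 0',
    '10.0.0.7 - - [20/Jul/2009:10:07:00 +0000] "GET /em/console/logon/logon'
    '?table=x%27 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for hit in suspicious_params(line):
            print("REVIEW:", hit)
```

Parameters sent in a POST body do not appear in access logs, so this covers query-string requests only. A hit is a lead for manual review, not proof of exploitation.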
Vendor was contacted and a patch was released.
There is no workaround for this issue.
Apply Oracle Critical Patch Update July 2009 available at Oracle Metalink.
Application Security, Inc advisory: http://www.appsecinc.com/resources/aler=
Vendor Notification - 7/11/2008
Vendor Response - 7/14/2008
Fix - 7/14/2009
Public Disclosure - 7/22/2009
Application Security, Inc.'s database security solutions have helped over 1,600 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.