Signature Detail
Short Name |
DB:ORACLE:DBMS:VAL-REMOTE-INJ |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
DB |
Keywords |
Oracle DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC SQL Injection |
Release Date |
2009/10/26 |
Update Number |
1532 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
DB: Oracle DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC SQL Injection
This signature detects attempts to exploit a known vulnerability in Oracle Database Server's DBMS_REPCAT_RPC package. A successful attack allows an attacker to execute arbitrary SQL commands on the affected server.
Extended Description
Oracle Advanced Replication is prone to a remote privilege-escalation vulnerability that can be exploited over the 'Oracle Net' protocol. An attacker must have 'Create Session' privileges to exploit this issue.
Affected Products
- Oracle Oracle10g Enterprise Edition 10.1.0 .5
- Oracle Oracle10g Enterprise Edition 10.2.0 .3
- Oracle Oracle10g Personal Edition 10.1.0.5
- Oracle Oracle10g Personal Edition 10.2.0.4
- Oracle Oracle10g Standard Edition 10.1.0 .0.5
- Oracle Oracle10g Standard Edition 10.2.0 .3
- Oracle Oracle9i Enterprise Edition 9.2.0.8.0
- Oracle Oracle9i Enterprise Edition 9.2.0 .8DV
- Oracle Oracle9i Personal Edition 9.2.0 .8
- Oracle Oracle9i Personal Edition 9.2.0 .8DV
- Oracle Oracle9i Standard Edition 9.2.0.8
- Oracle Oracle9i Standard Edition 9.2.0 .8DV
References