|
||
|
Title: Imperva discovers a critical access control bypass Post by Pete Finnigan on Jan 19th, 2006, 12:36pm Hi, I have been deeply affected by this post : http://www.petefinnigan.com/weblog/archives/00000699.htm Revealing such a bug means that any user can now access the database as sysdba? I wonder how many databases could be affected by the bug, but it sounds like a hudge security hole. Did you try this exploit? Is it really as simple as explained? Is it issue DB18? |
||
|
Title: Re: Imperva discovers a critical access control by Post by Pete Finnigan on Jan 19th, 2006, 12:56pm Hi Laurent, I don't think that it is a good idea to discuss the details of how you would actually exploit it here. Whilst they have described the issue in detail they have fallen short of actually revealing exloit code. This is a very serious bug and potentially means any database is wide open. cheers Pete |
||
|
Title: Re: Imperva discovers a critical access control by Post by Pete Finnigan on Jan 20th, 2006, 8:34am yes pete, you are right :-X the biggest problem of such a bug is that it is quite well described on the internet how you do get dba access! This is imho not very fair from imperva, is it? Quote:
:o :o :o |
||
|
Title: Re: Imperva discovers a critical access control by Post by Pete Finnigan on Feb 9th, 2006, 11:57am I can confirm that this is solved in cpujan2006 and later. Sofar I tested on win32 against 9.2.0.7 patch 6 & patch 7, and 10.2.0.1 + patch 4923768 and the new 10.2.0.2. After the fix is applied on the database side you get to see: ORA-00604: error occurred at recursive SQL level 1 ORA-01031: insufficient privileges Any non-patched databases however allow me to create dba role accounts while connecting as a CREATE SESSION only account >:( Cheers Andre |
||
|
Powered by YaBB 1 Gold - SP 1.4! Forum software copyright © 2000-2004 Yet another Bulletin Board |