Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Researcher lashes out at Oracle's security effort"] [Next entry: "Slight correction to the HTMLDB advisories"]

Red Database Security has released 6 new Oracle security bug advisories

Today Alex Kornbrust of Red Database Security has today released 6 new security advisories for bugs that have been fixed in previous Critical Patch Updates (CPU) but Oracle did not inform Red Database Security that they had been fixed so no advisory was released at the time. The six are as follows:

"Shutdown TNS Listener via Oracle iSQL*Plus" - Alex details how a connect to iSQL*Plus can be used to construct a TNS connect string that includes a STOP command for the listener.

"Shutdown TNS Listener via Oracle Forms Servlet" - Alex demonstrates basically the same issue except that this time the TNS command is sent from Forms

"Plaintext Password Vulnerabilitiy during Installation of Oracle HTMLDB" - Alex points out that the SYS password used to install HTMLDB is logged to a file in plain text

"Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB" - Alex shows how to send a crafted URL that includes SQL that can be executed in the database.

"Cross-Site-Scripting Vulnerability in Oracle iSQL*Plus" - Alex demonstrates a cross site scripting vulnerability that pops up a windows when an SQL statement is executed.

"Cross-Site-Scripting Vulnerability in Oracle XMLDB" - Alex again demonstrates how XMLDB can be used to pop up a window.

All of these 6 bugs are fixed in CPU July 2005.