Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "A new version of woraauthbf - The Oracle password cracker is released"] [Next entry: " Limited becomes UK partner for Sentrigo Hedgehog"]

Oracle database exploits available for January 2008 CPU fixes

I keep an eye on Milw0rm as its a great source of exploits and saw the other day that 4 new posts had been made on there. These are exploits for bugs fixed in the January 2008 CPU.

This is a wake up call to anyone who is not decided about applying the patches for the January 2008 CPU. Once exploits are readilly available you are more at risk. Also a number of recent surveys suggest that insider attacks are much more likely than external attacks so its vital that companies running Oracle realise that these expoits work much better from an employees PC connected to your network than externally, as they already have access to the network and databases in a lot of cases. If the figures for internal attacks are to be beleived then this makes the issuance of exploits a big issue.

The exploits are written by Alexandr Polyakov (sh2kerr). The first is a DoS / Poc - which is an Oracle 10gR1 XDB.XDB_PITRIG_PKG.PITRIG_TRUNCATE buffer overflow that causes the database to crash. This is similar to the exploit I talked about in a post titled "Exploit code to crash an Oracle database posted" back in November 2007.

Then Alexandr posted three local exploits. These are:

Oracle 10g R1 xdb.xdb_pitrig_pkg PLSQL Injection (change sys password)
Oracle 10g R1 pitrig_truncate PLSQL Injection (get users hash)
Oracle 10g R1 pitrig_drop PLSQL Injection (get users hash)