Products & Services
Support

Product Categories


Popular Downloads


Manage Software

How to Buy

For Home

Linksys Products Store
Linksys is now part of Belkin
Products for everyone

All Ordering Options

Training & Events Partners
Guest

Vulnerability Alert

Oracle Database Server Remote Privilege Escalation Vulnerability

 
Threat Type:CWE-264: Permissions, Privileges, and Access Control
IntelliShield ID:19883
Version:4
First Published:2010 February 04 17:52 GMT
Last Published:2010 March 16 12:11 GMT
Port: Not available
BugTraq ID:38115
Urgency:Unlikely Use
Credibility:Highly Credible
Severity:Moderate Damage
CVSS Base:6.5 CVSS Calculator
CVSS Version 2.0
CVSS Temporal:5.3
Related Resources:
View related IPS Signature
 
 
Version Summary:

Proof-of-concept code that exploits the Oracle Database Server remote privilege escalation vulnerability is publicly available.

 
 
Description

Oracle Database Server 11gR2 contains a vulnerability that could allow an authenticated, remote attacker to gain elevated privileges on the affected database.

A well-known security researcher has disclosed a vulnerability in Oracle Database Server 11gR2.  The vulnerability exists in the implementation of the Java language.  An overly permissive grant of privileges could be exploited by an unprivileged user to gain elevated privileges on the database server.  These privileges could allow the attacker to take full control of the database server.  It could be possible for an unprivileged user to bypass Oracle's Label Security mandatory access controls.

Proof-of-concept code that exploits this vulnerability is publicly available.

Oracle has not confirmed this vulnerability and updated software is not available.

 
Warning Indicators

Oracle Database Server 11gR2, version 11.2, is vulnerable.

 
IntelliShield Analysis

It is unclear what privileges an attacker would require to bypass Label Security; however, exploitation of the first part of the vulnerability could allow the attacker to execute operating system commands with the privileges of the Oracle database process.? This privilege may be the one that is used to bypass Label Security.

Because the Oracle database runs as SYSTEM on Microsoft Windows-based systems, an attacker could leverage this vulnerability to execute arbitrary code on affected systems with SYSTEM privileges.? An exploit could result in a full system compromise.

 
Vendor Announcements

Vendor announcements are not available.

 
Impact

An authenticated, remote attacker could exploit this vulnerability to execute arbitrary code on an affected system with the privileges of the database user.? The attacker could gain complete control over the affected database.

 
Technical Information

This vulnerability is in the IMPORT_JVM_PERMS procedure of the DBMS_JVM_EXP_PERMS package.?

An authenticated, remote attacker could make a crafted call to?IMPORT_JVM_PERMS to make the Java Virtual machine?give the attacker?the ability to?run commands on the system, and to read and write files.? Other database controls prevent the attacker from performing these actions.? The restriction can be bypassed by making a crafted call to the? SET_OUTPUT_TO_JAVA procedure in the DBMS_JAVA package, which can allow the attacker to run commands on the operating system with the privileges of the database process user.? The execution of system commands could be taken advantage of to create a new user with DBA privileges.

Additionally, vulnerabilities in the Java implementation could allow an attacker to bypass Label Security by loading dynamic libraries into the database process.? This action could allow the attacker to access restricted data.

 
Safeguards

Administrators are advised to contact the vendor regarding future updates and releases.

Administrators are advised to only allow trusted users to have native SQL access.

Administrators may consider removing PUBLIC access to the DBMS_JAVA and DBMS_JVM_EXP_PERMS packages.

Administrators are advised to monitor affected systems.

 
Patches/Software

Updates are not available.


Signatures
 
Cisco Intrusion Prevention System (IPS) 6.0
Signature IDSignature NameReleaseLatest Release Date
35746/0Oracle Database Server Remote Privilege EscalationS5992011 Oct 01 
 
Alert History
 

Version 3, February 9, 2010, 9:58 AM: Additional information is available to describe the Oracle Database Server remote privilege escalation vulnerability.

Version 2, February 5, 2010, 1:48 PM: Additional technical information is available to describe the Oracle Database Server remote privilege escalation vulnerability.

Version 1, February 4, 2010, 12:52 PM: Oracle Database Server contains a vulnerability that could allow an authenticated, remote attacker to gain elevated privileges on the affected database.  Updates are not available.



Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
Oracle CorporationOracle Database Server 11g 11.2 Base

Associated Products:
N/A




Alerts and bulletins on the Cisco Security Intelligence Operations Portal are highlighted by analysts in the Cisco Threat Operations Center and represent a subset of the comprehensive content that is available through Cisco Security IntelliShield Alert Manager Service. This customizable threat and vulnerability alert service provides security staff with access to timely, accurate, and credible information about threats and vulnerabilities that may affect their environment.


LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
Powered by  IntelliShield