Vulnerabilities > CVE-2008-3979 - Multiple vulnerability in Oracle January 2009 Critical Patch Update
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability that allows remote authenticated users to gain MDSYS privileges via the MDSYS.SDO_TOPO_DROP_FTBL trigger.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | Oracle 10g MDSYS.SDO_TOPO_DROP_FTBL SQL Injection Exploit (meta). CVE-2008-3979. Local exploits for multiple platform |
file | exploits/multiple/local/8074.rb |
id | EDB-ID:8074 |
last seen | 2016-02-01 |
modified | 2009-02-18 |
platform | multiple |
port | |
published | 2009-02-18 |
reporter | sh2kerr |
source | https://www.exploit-db.com/download/8074/ |
title | Oracle 10g MDSYS.SDO_TOPO_DROP_FTBL SQL Injection Exploit meta |
type | local |
Metasploit
description | This module will escalate an Oracle DB user to MDSYS by exploiting a sql injection bug in the MDSYS.SDO_TOPO_DROP_FTBL trigger. After that exploit escalate user to DBA using "CREATE ANY TRIGGER" privilege given to MDSYS user by creating evil trigger in system scheme (2-stage attack). |
id | MSF:AUXILIARY/SQLI/ORACLE/DROPTABLE_TRIGGER |
last seen | 2020-03-02 |
modified | 2017-08-29 |
published | 2010-06-04 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/sqli/oracle/droptable_trigger.rb |
title | Oracle DB SQL Injection in MDSYS.SDO_TOPO_DROP_FTBL Trigger |
Nessus
NASL family | Databases |
NASL id | ORACLE_RDBMS_CPU_JAN_2009.NASL |
description | The remote Oracle database server is missing the January 2009 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Job Queue - Oracle OLAP - Oracle Spatial - Oracle Streams - SQL*Plus Windows GUI |
last seen | 2020-06-02 |
modified | 2011-11-16 |
plugin id | 56063 |
published | 2011-11-16 |
reporter | This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/56063 |
title | Oracle Database Multiple Vulnerabilities (January 2009 CPU) |
code |
|
Saint
bid 33177 description Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH buffer overflow id database_oracle_backupndmpbo,database_oracle_backupver osvdb 51340 title oracle_secure_backup_ndmp_clientauth type remote bid 33177 description Oracle Secure Backup login.php ora_osb_lcookie command execution id database_oracle_backupver osvdb 51343 title oracle_secure_backup_login_lcookie type remote bid 33177 description Oracle WebLogic Server IIS Connector JSESSIONID buffer overflow title weblogic_iis_connector_jsessionid type remote bid 33177 description Oracle Secure Backup login.php rbtool command injection id database_oracle_backupver osvdb 51342 title oracle_secure_backup_login_rbtool type remote bid 33177 description Oracle Database OLAP component ODCITABLESTART buffer overflow id database_oracle_version osvdb 51347 title oracle_olap_odcitablestart type remote
References
- http://osvdb.org/51354
- http://secunia.com/advisories/33525
- http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html
- http://www.securityfocus.com/archive/1/500061/100/0/threaded
- http://www.securityfocus.com/bid/33177
- http://www.securitytracker.com/id?1021561
- http://www.vupen.com/english/advisories/2009/0115
- https://www.exploit-db.com/exploits/8074