Vulnerabilities > CVE-2010-2415 - Unspecified vulnerability in Oracle Database Server

047910
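CVSS v2 base score 4.9 - MEDIUM (vector AV:N/AC:M/Au:S/C:P/I:P/A:N, taken from the metrics below; the "Privileges required: SINGLE" row is the CVSS v2 Authentication metric)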
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
oracle
nessus
metasploit

Summary

Unspecified vulnerability in the Change Data Capture component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.

Metasploit

description: The module exploits an SQL injection flaw in the CREATE_CHANGE_SET procedure of the PL/SQL package DBMS_CDC_PUBLISH. Any user with the EXECUTE privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege. Until the October 2010 Critical Patch Update is applied, review which accounts hold EXECUTE_CATALOG_ROLE or a direct EXECUTE grant on SYS.DBMS_CDC_PUBLISH.
id: MSF:AUXILIARY/SQLI/ORACLE/DBMS_CDC_PUBLISH3
last seen: 2020-06-14
modified: 2017-07-24
published: 2010-10-15
references: (none listed)
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/sqli/oracle/dbms_cdc_publish3.rb
title: Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET

Nessus

NASL family: Databases
NASL id: ORACLE_RDBMS_CPU_OCT_2010.NASL
description: The remote Oracle database server is missing the October 2010 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components:
  - Enterprise Manager Console
  - Java Virtual Machine
  - Change Data Capture
  - OLAP
  - Job Queue
  - XDK
  - Core RDBMS
  - Perl
last seen: 2020-06-02
modified: 2010-11-18
plugin id: 50652
published: 2010-11-18
reporter: This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/50652
title: Oracle Database Multiple Vulnerabilities (October 2010 CPU)
code
#
# (C) Tenable Network Security, Inc.
#


include('compat.inc');

# Plugin registration pass: when `description` is set, this block only declares
# the plugin's metadata (IDs, references, text, CVSS, dependencies) and then
# exits, so none of the patch-check code further down runs in this pass.
if (description)
{
  script_id(50652);
  script_version("1.23");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");

  # One plugin covers the whole October 2010 CPU, so a finding maps to all nine
  # CVEs at once. CVE-2010-2415 is the Change Data Capture (DBMS_CDC_PUBLISH)
  # issue that the surrounding advisory entry describes.
  script_cve_id(
    "CVE-2010-1321",
    "CVE-2010-2389",
    "CVE-2010-2390",
    "CVE-2010-2391",
    "CVE-2010-2407",
    "CVE-2010-2411",
    "CVE-2010-2412",
    "CVE-2010-2415",
    "CVE-2010-2419"
  );
  script_bugtraq_id(
    40235,
    43935,
    43940,
    43945,
    43956,
    43958,
    43961,
    43964,
    43970
  );
  script_xref(name:"Secunia", value:"41815");

  script_name(english:"Oracle Database Multiple Vulnerabilities (October 2010 CPU)");
  script_summary(english:"Checks installed patch info");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple
vulnerabilities.");

  script_set_attribute(attribute:"description", value:
"The remote Oracle database server is missing the October 2010
Critical Patch Update (CPU) and therefore is potentially affected by
security issues in the following components :

  - Enterprise Manager Console

  - Java Virtual Machine

  - Change Data Capture

  - OLAP

  - Job Queue

  - XDK

  - Core RDBMS

  - Perl");

  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?54744faa");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2010 Oracle
Critical Patch Update advisory.");
  # A single plugin-wide CVSS v2 vector (no authentication, low complexity,
  # partial C/I/A). NOTE(review): it is not the per-CVE score; the advisory
  # entry for CVE-2010-2415 rates that issue AV:N/AC:M/Au:S/C:P/I:P/A:N (4.9).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  # NOTE(review): the temporal vector (E:U) and the two exploit attributes
  # below state that no exploit is known. The advisory entry that carries this
  # listing also lists a public Metasploit auxiliary module for CVE-2010-2415,
  # so these values look stale; do not use them to lower patching priority.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2010/10/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/10/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/18");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server");
  script_set_attribute(attribute:"agent", value:"all");
  script_end_attributes();

  # Declared as an information-gathering plugin; per script_summary it checks
  # installed patch info rather than sending anything to the database.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Presumably these two plugins collect the Oracle patch inventory that the
  # check below compares against (they are compiled .nbin, not visible here).
  # If neither produced data the result is likely to be inconclusive rather
  # than "not vulnerable" -- confirm against scan output.
  script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin");

  # End the registration pass here.
  exit(0);
}

include("oracle_rdbms_cpu_func.inc");

################################################################################
# OCT2010
#
# Table of the minimum patch level expected after the October 2010 CPU.
# Layout: patches[<base release>]["db"][<platform>] -> array with
#   "patch_level" : the version string recorded for a patched installation
#   "CPU"         : one or two patch numbers, comma-separated in a single string
#                   (presumably the Oracle patch IDs that deliver the fix;
#                   confirm against the CPU advisory)
# Platforms used here are "nix", "win32" and "win64".
#
# NOTE(review): the table covers every release addressed by the CPU, so it
# includes 10.2.0.5, which the CVE-2010-2415 summary does not list as affected.
patches = make_nested_array();

# RDBMS 11.1.0.7
patches["11.1.0.7"]["db"]["nix"] = make_array("patch_level", "11.1.0.7.5", "CPU", "9952269, 9952228");
patches["11.1.0.7"]["db"]["win32"] = make_array("patch_level", "11.1.0.7.34", "CPU", "9773817");
patches["11.1.0.7"]["db"]["win64"] = make_array("patch_level", "11.1.0.7.34", "CPU", "9773825");
# RDBMS 11.2.0.1
patches["11.2.0.1"]["db"]["nix"] = make_array("patch_level", "11.2.0.1.3", "CPU", "9952260, 9952216");
patches["11.2.0.1"]["db"]["win32"] = make_array("patch_level", "11.2.0.1.6", "CPU", "10100100");
patches["11.2.0.1"]["db"]["win64"] = make_array("patch_level", "11.2.0.1.6", "CPU", "10100101");
# RDBMS 10.1.0.5
# NOTE(review): no "win64" entry for this release, unlike the others. How the
# helper treats a platform missing from the table is not visible here, so a
# 10.1.0.5 win64 host may go unreported -- verify such hosts manually.
patches["10.1.0.5"]["db"]["nix"] = make_array("patch_level", "10.1.0.5.20", "CPU", "9952279");
patches["10.1.0.5"]["db"]["win32"] = make_array("patch_level", "10.1.0.5.40", "CPU", "10089559");
# RDBMS 10.2.0.5
patches["10.2.0.5"]["db"]["nix"] = make_array("patch_level", "10.2.0.5.1", "CPU", "9952270, 9952230");
patches["10.2.0.5"]["db"]["win32"] = make_array("patch_level", "10.2.0.5.1", "CPU", "10058290");
patches["10.2.0.5"]["db"]["win64"] = make_array("patch_level", "10.2.0.5.1", "CPU", "10099855");
# RDBMS 10.2.0.4
patches["10.2.0.4"]["db"]["nix"] = make_array("patch_level", "10.2.0.4.6", "CPU", "9952272, 9952234");
patches["10.2.0.4"]["db"]["win32"] = make_array("patch_level", "10.2.0.4.40", "CPU", "10084980");
patches["10.2.0.4"]["db"]["win64"] = make_array("patch_level", "10.2.0.4.40", "CPU", "10084982");


# Hands the table to the shared helper, presumably defined in
# oracle_rdbms_cpu_func.inc, which is expected to compare the collected patch
# inventory with the entries above and report when the level is lower.
# The exact effect of high_risk:TRUE is defined in that include -- confirm.
# This is a patch-level check only: it does not test whether
# DBMS_CDC_PUBLISH is actually reachable by low-privileged accounts.
check_oracle_database(patches:patches, high_risk:TRUE);

Seebug

bulletinFamily: exploit
description:
BUGTRAQ ID: 43956
CVE ID: CVE-2010-2415

Oracle是大型的商业数据库系统。

Oracle数据库的Change Data Capture组件中提供了一个DBMS_CDC_PUBLISH PL/SQL软件包,该软件包的CREATE_CHANGE_SET过程中存在SQL注入漏洞。恶意用户可以以特殊参数调用有漏洞的过程,导致以SYS用户的权限执行SQL语句。

利用这个漏洞要求拥有对SYS.DBMS_CDC_PUBLISH软件包的EXECUTE权限。默认下给予了EXECUTE_CATALOG_ROLE角色的用户拥有这个权限。

Oracle Database 11.2.0.1
Oracle Database 11.1.0.7
Oracle Database 10.2.0.4
Oracle Database 10.2.0.3
Oracle Database 10.1.0.5

厂商补丁:
Oracle
------
Oracle已经为此发布了一个安全公告(cpuoct2010)以及相应补丁:
cpuoct2010:Oracle Critical Patch Update Advisory - October 2010
链接:http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
id: SSV:20201
last seen: 2017-11-19
modified: 2010-10-26
published: 2010-10-26
reporter: Root
title: Oracle数据库CREATE_CHANGE_SET过程SQL注入漏洞