Fri 3 Aug 2012
Another BlackHat, Another Oracle 0day
Posted by Slavik under Oracle, security, SQL injection
I attended BlackHat Vegas last week and of course went to see David Litchfield’s presentation. It started rather slowly, with vulnerabilities I was already familiar with, but he saved the best for last. Another Oracle 0day – and I’ve got the pictures to prove it!
And this:
As you can see above, creating a table with a specially crafted blob column, creating an ODCI (Oracle Data Cartridge Interface) index on it, gathering statistics and then dropping the table triggers a dynamic statement with the column name not properly escaped.
Nice one, David – although we had to scramble and quickly protect against it with our McAfee vPatch solution.
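The same bug class in miniature, as an added example that is not code from this post or from Oracle: a maintenance routine builds a dynamic statement from a column name read back from the catalog. SQLite stands in for Oracle here, and the table names, the column name and all helper functions are constructed for illustration; on Oracle the quoting role is played by `DBMS_ASSERT.ENQUOTE_NAME`.

```python
import re
import sqlite3

# Conservative allow-list for unquoted identifiers (an assumption for this demo).
SAFE_IDENT = re.compile(r"^[A-Za-z][A-Za-z0-9_$#]*$")

def quote_ident(name):
    """Return name as a quoted identifier, doubling any embedded double quote."""
    return '"' + name.replace('"', '""') + '"'

def build_db():
    """Constructed sample data: one table whose column name carries SQL text."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE audit_log (body TEXT)")
    db.executemany("INSERT INTO audit_log VALUES (?)", [("a",), ("b",), ("c",)])
    crafted = "body) FROM audit_log --"
    db.execute(f"CREATE TABLE docs ({quote_ident(crafted)} BLOB)")
    db.execute("INSERT INTO docs VALUES (x'00')")
    return db

def column_names(db, table):
    """Read column names back from the catalog, exactly as they were created."""
    rows = db.execute("SELECT name FROM pragma_table_info(?)", (table,))
    return [r[0] for r in rows]

def count_unsafe(db, table, col):
    # Vulnerable pattern: the catalog value is pasted into the statement as-is.
    return db.execute(f"SELECT COUNT({col}) FROM {table}").fetchone()[0]

def count_safe(db, table, col):
    # Hardened pattern: every identifier is quoted before concatenation.
    sql = f"SELECT COUNT({quote_ident(col)}) FROM {quote_ident(table)}"
    return db.execute(sql).fetchone()[0]

def suspicious_columns(db, table):
    """Detection: flag column names that fall outside the allow-list."""
    return [c for c in column_names(db, table) if not SAFE_IDENT.match(c)]

if __name__ == "__main__":
    db = build_db()
    col = column_names(db, "docs")[0]
    print("unsafe:", count_unsafe(db, "docs", col))  # statement now reads audit_log
    print("safe:  ", count_safe(db, "docs", col))    # statement reads docs as intended
    print("flagged:", suspicious_columns(db, "docs"))
```

The unsafe routine ends up counting rows in a table it was never asked about, because the stored column name closes the expression and supplies its own `FROM` clause; the quoted version treats the same bytes as a single identifier.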


What is the version of the RDBMS and PSU where the above example was run?
I believe this was running on 11gR2 – not sure what version – but we were able to reproduce on pretty much all of them that do not include the out-of-band patch that Oracle released.
Will give it a try and confirm.
Thanks, Slavik, for your reply.