TeamSHATTER

A lot has been written in the last week about the Oracle TNS Listener Poison Attack (CVE-2012-1675). Not everything that has been published is correct. I have spent a great deal of time investigating the topic and  I want to share my views on the issue. On April 18th, the security researcher Joxean Koret published the following advisory on the full disclosure mailing list. http://seclists.org/fulldisclosure/2012/Apr/204 . Assuming it was fixed in the April 2012 CPU, he discusses a vulnerability that…

It’s election time, and with the Republican field narrowed down to Mitt Romney as the likely nominee, we have ourselves a Presidential race to watch. When it comes to politics I’m probably at my most cynical, so it’s not what candidates are saying about the issues that catches my attention. It’s the side shows – that’s where all the fun stuff happens – the negative adds, the personal scandals, the fears of voting failures and miscounts, the “facts” invented at…

Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.3 (and previous patchsets) Oracle Enterprise Manager Grid Control 10.2.0.5, 11.1.0.1 (and previous patchsets) Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc. Details: SQL Injection works by attempting to modify the parameters passed to an application to change the SQL statements that are passed to a database. SQL injection can be used to insert additional SQL statements to be…

Risk Level: Medium Affected versions: Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7, 11.2.0.3 (and previous patchsets) Oracle Enterprise Manager Grid Control 10.2.0.5 (and previous patchsets) Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc. Details: HTTP Response Splitting is a web application vulnerability where input parameters are unsafely used in response headers allowing an attacker to make the server print one (or more) new line sequences in the header section which…

Risk Level: Medium Affected versions: Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7, 11.2.0.3 (and previous patchsets) Oracle Enterprise Manager Grid Control 10.2.0.5 (and previous patchsets) Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc. Details: HTTP Response Splitting is a web application vulnerability where input parameters are unsafely used in response headers allowing an attacker to make the server print one (or more) new line sequences in the header section which…

Risk Level: Low Affected versions: Oracle Database Server version 10gR1, 10gR2 (10.2.0.5 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets) Remote exploitable: Yes (No authentication is required) Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc. Details: Oracle Database provides OCIPasswordChange API to change user passwords.  This API can be used while a user is logged on as well as before the authentication process is completed, this is because it can be used…

Risk Level: Medium Affected versions: Oracle Database Server version 10gR1, 10gR2 (10.2.0.4 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets) Remote exploitable: Yes (No authentication is required) Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc. Details: Oracle Database provides OCIPasswordChange API to change user passwords.  This API can be used while a user is logged on as well as before the authentication process is completed, this is because it can be used…

Risk Level: High Affected versions: Oracle Database Server version 10gR1, 10gR2 (10.2.0.4 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets) Remote exploitable: Yes (No authentication is required) Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc. Details: Oracle Database provides OCIPasswordChange API to change user passwords.  This API can be used while a user is logged on as well as before the authentication process is completed, this is because it can be used…

Risk Level: Low Affected versions: Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7 (and previous patchsets) Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc. Details: Authenticating a web user without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. Oracle Enterprise Manager authenticates a user without first invalidating the existing session ID, thereby continuing to use the same session ID already associated with the session.  This…

Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2 (and previous patchsets) Oracle Enterprise Manager Grid Control 10.2.0.4 (and previous patchsets) Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc. Details: SQL Injection works by attempting to modify the parameters passed to an application to change the SQL statements that are passed to a database. SQL injection can be used to insert additional SQL statements to be executed….