we track for your security since 1999

vulnerabilities

The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.

recent vulnerabilities

tracked products

RSS feed

vulnerability

vulnerability note CVE-2012-3132

Oracle Database: privilege elevation via DBMS_STATS and CTXSYS

Synthesis of the vulnerability

A local attacker can use DBMS_STATS and CTXSYS, in order to gain the SYSDBA privilege on Oracle Database.
Impacted products: Oracle DB.
Severity: 2/4.
Creation date: 08/08/2012.
Identifiers: BID-54884, CERTA-2012-AVI-429, cpuoct2012, CVE-2012-3132, VIGILANCE-VUL-11834.

Description of the vulnerability

The DBMS_STATS package and Oracle Text are installed by default with Oracle Database.

If an authenticated attacker:
- has the CREATE TABLE privilege, and
- has the CREATE PROCEDURE privilege, and
- has the EXECUTE privilege on DBMS_STATS, and
- has the EXECUTE privilege on CTXSYS.CTX_DDL,
then he can create an index with an INDEXTYPE of CTXSYS.CONTEXT and a column name containing "|| or ||", and then call DBMS_STATS.GATHER_TABLE_STATS, in order to inject a query to be executed with the SYSDBA privilege.

A local attacker can therefore use DBMS_STATS and CTXSYS, in order to gain the SYSDBA privilege on Oracle Database.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

Computer vulnerabilities tracking service

Vigil@nce provides a software vulnerability announce. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce vulnerability database contains several thousand vulnerabilities.