vulnerability note CVE-2012-3132
Oracle Database: privilege elevation via DBMS_STATS and CTXSYS
Synthesis of the vulnerability
A local attacker can use DBMS_STATS and CTXSYS, in order to gain the SYSDBA privilege on Oracle Database.Impacted products:
BID-54884, CERTA-2012-AVI-429, cpuoct2012, CVE-2012-3132, VIGILANCE-VUL-11834.
Description of the vulnerability
The DBMS_STATS package and Oracle Text are installed by default with Oracle Database.
If an authenticated attacker:
- has the CREATE TABLE privilege, and
- has the CREATE PROCEDURE privilege, and
- has the EXECUTE privilege on DBMS_STATS, and
- has the EXECUTE privilege on CTXSYS.CTX_DDL,
then he can create an index with an INDEXTYPE of CTXSYS.CONTEXT and a column name containing "|| or ||", and then call DBMS_STATS.GATHER_TABLE_STATS, in order to inject a query to be executed with the SYSDBA privilege.
A local attacker can therefore use DBMS_STATS and CTXSYS, in order to gain the SYSDBA privilege on Oracle Database.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides a software vulnerability announce
. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce vulnerability database contains several thousand vulnerabilities.