Oracle.Database.REPCAT_RPC.VALIDATE_REMOTE_RC.SQL.Injection
Description
This indicates an attempt to exploit a SQL injection vulnerability in Oracle Database server.
The vulnerability is caused by an input validation error in function VALIDATE_REMOTE_RC of the package DBMS_REPCAT_RPC. It allows a remote attacker to inject and execute malicious SQL commands on the target server.
Affected Products
Oracle Oracle9i Standard Edition 9.2 .8DV
Oracle Oracle9i Standard Edition 9.2 .8
Oracle Oracle9i Personal Edition 9.2 .8DV
Oracle Oracle9i Personal Edition 9.2 .8
Oracle Oracle9i Enterprise Edition 9.2 .8DV
Oracle Oracle9i Enterprise Edition 9.2 .8.0
Oracle Oracle10g Standard Edition 10.2 .3
Oracle Oracle10g Standard Edition 10.1 .0.5
Oracle Oracle10g Personal Edition 10.1 .5
Oracle Oracle10g Personal Edition 10.2.0.4
Oracle Oracle10g Enterprise Edition 10.2 .3
Oracle Oracle10g Enterprise Edition 10.1 .5
Impact
System Compromise.
Recommended Actions
Apply Critical Patch Update Advisory - July 2009:
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |