Vendor: Oracle Database
By: sid[at]notsosecure.com
CVSS: 7.5 (HIGH)
CWE: Remote Privilege Escalation
Product Name: Oracle Database
Affected Version From: Oracle Database 11gR2
Affected Version To: Oracle Database 11gR2
Patch Exists: NO
Related CWE:
CPE: oracle:database
Metasploit:
Other Scripts:
Platforms Tested: Windows
2010

DBMS_JVM_EXP_PERMS 10gR2, 11gR1/R2 OS Command Execution

This module exploits a flaw (0 day) in the DBMS_JVM_EXP_PERMS package that allows any user with the CREATE SESSION privilege to grant themselves Java IO privileges. Identified by David Litchfield. Works on 10g R2, 11g R1 and R2 (Windows only).

Mitigation:

Apply the latest patches and updates from Oracle

Exploit-DB raw data: