Oracle Database Server UTL_FILE Error Discloses Files to Remote Authenticated Users

Tuesday Mar 8th 2005 by DatabaseJournal.com Staff

An input validation vulnerability was reported in Oracle Database Server in the UTL_FILE package. A remote authenticated user can access arbitrary files on the target system.

[From SecurityTracker.com]

Version(s): 8i, 9i

Description: An input validation vulnerability was reported in Oracle Database Server in the UTL_FILE package. A remote authenticated user can access arbitrary files on the target system.

The software does not properly validate user-supplied input in some Directory Object functions. A remote authenticated user can exploit a flaw in UTL_FILE by supplying directory traversal characters to some Directory Object functions to gain read or write access to files on the target system that are located outside of the intended directory.

The article continues at http://www.securitytracker.com/alerts/2005/Mar/1013392.html
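
One way an application can guard its own file access against the traversal described above, shown as an added example that is not from the advisory or from Oracle: a hypothetical PL/SQL wrapper, `safe_fopen`, that allow-lists the directory object (`APP_OUT` is a constructed name) and accepts only a plain base file name before calling `UTL_FILE.FOPEN`. It uses `TRANSLATE` instead of regular-expression functions, which older releases lack.

```sql
-- Added example (hypothetical wrapper, not Oracle's code).
-- APP_OUT is a constructed directory object name; error numbers are arbitrary.
CREATE OR REPLACE FUNCTION safe_fopen (
    p_directory IN VARCHAR2,  -- directory object name
    p_filename  IN VARCHAR2,  -- caller-supplied file name
    p_mode      IN VARCHAR2   -- 'r', 'w' or 'a'
) RETURN UTL_FILE.FILE_TYPE
IS
    -- Characters permitted in a file name: no '/', no '\', no control bytes.
    c_allowed CONSTANT VARCHAR2(80) :=
        'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_.-';
BEGIN
    -- 1. Accept only directory objects the application has allow-listed.
    IF p_directory IS NULL OR UPPER(p_directory) NOT IN ('APP_OUT') THEN
        RAISE_APPLICATION_ERROR(-20001, 'directory object not permitted');
    END IF;

    -- 2. Accept only the text open modes this application uses.
    IF p_mode IS NULL OR LOWER(p_mode) NOT IN ('r', 'w', 'a') THEN
        RAISE_APPLICATION_ERROR(-20002, 'open mode not permitted');
    END IF;

    -- 3. The file name must be a plain base name. TRANSLATE deletes every
    --    allowed character; anything left over is a disallowed character.
    --    '#' is a placeholder so the third argument is not NULL.
    IF p_filename IS NULL
       OR LENGTH(p_filename) > 64
       OR TRANSLATE(p_filename, '#' || c_allowed, '#') IS NOT NULL
       OR SUBSTR(p_filename, 1, 1) = '.'
       OR INSTR(p_filename, '..') > 0
    THEN
        RAISE_APPLICATION_ERROR(-20003, 'file name rejected');
    END IF;

    RETURN UTL_FILE.FOPEN(UPPER(p_directory), p_filename, LOWER(p_mode));
END safe_fopen;
/
```

This is an application-level check only: it does not change the behaviour of the package itself, and any account that holds EXECUTE on UTL_FILE directly can still call it without going through the wrapper.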
