Intrusion Prevention

Oracle.Database.REPCAT_RPC.VALIDATE_REMOTE_RC.SQL.Injection

Description

This indicates an attempt to exploit a SQL injection vulnerability in the Oracle Database server.
The vulnerability is caused by an input validation error in the VALIDATE_REMOTE_RC function of the DBMS_REPCAT_RPC package. It allows a remote attacker to inject and execute malicious SQL commands on the target server.

Affected Products

Oracle Oracle9i Standard Edition 9.2 .8DV
Oracle Oracle9i Standard Edition 9.2 .8
Oracle Oracle9i Personal Edition 9.2 .8DV
Oracle Oracle9i Personal Edition 9.2 .8
Oracle Oracle9i Enterprise Edition 9.2 .8DV
Oracle Oracle9i Enterprise Edition 9.2 .8.0
Oracle Oracle10g Standard Edition 10.2 .3
Oracle Oracle10g Standard Edition 10.1.0.5
Oracle Oracle10g Personal Edition 10.1 .5
Oracle Oracle10g Personal Edition 10.2.0.4
Oracle Oracle10g Enterprise Edition 10.2 .3
Oracle Oracle10g Enterprise Edition 10.1 .5

Impact

System Compromise.

Recommended Actions

Apply the Critical Patch Update Advisory - July 2009:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html

CVE References

CVE-2009-1021