On Mon, 2 Apr 2007, Andrea "bunker" Purificato wrote: > [0-day] Remote Oracle DBMS_AQ.ENQUEUE exploit (10g) Not a 0day. Just publicly released exploit code. This is: 1. Patched. 2. Not publicly exploitable. Gadi. > > Grant or revoke dba permission to unprivileged user > Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0" > > AUTHOR: Andrea "bunker" Purificato > http://rawlab.mindcreations.com > > DATE: Mon Apr 2 11:54:22 CEST 2007 > > PATCH: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html > (CVE-2007-0268 ?) > > > You can find the evil code here: > http://rawlab.mindcreations.com/codes/exp/oracle/dbms_aq-enqueue.pl > > > Regards, > -- > Andrea "bunker" Purificato > +++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++ > ++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++. > > http://rawlab.mindcreations.com >
