Free Newsletters:
DatabaseDaily

Search Database Journal:

SQL Scripts & Samples

Links

Database Forum

» Database Journal Home

» Database Articles

» Database Tutorials

MS SQL

Oracle

DB2

MS Access

MySQL

» RESOURCES

Database Tools

SQL Scripts & Samples

Links

» Database Forum

» DBA Jobs

» Sitemap

News Via RSS Feed

New Security Features Planned for Firefox 4

Another Laptop Theft Exposes 21K Patients' Data

Oracle Hits to Road to Pitch Data Center Plans

Database Journal |DBA Support |SQLCourse |SQLCourse2

Featured Database Articles

Database News

Mar 8, 2005

Oracle Database Server UTL_FILE Error Discloses Files to Remote Authenticated Users

By DatabaseJournal.com Staff

[From SecurityTracker.com]

Version(s): 8i, 9i

Description: An input validation vulnerability was reported in Oracle Database Server in the UTL_FILE package. A remote authenticated user can access arbitrary files on the target system.

The software does not properly validate user-supplied input in some Directory Object functions. A remote authenticated user can exploit a flaw in UTL_FILE by supplying directory traversal characters to some Directory Object functions to gain read or write access to files on the target system that are located outside of the intended directory.

The article continues at http://www.securitytracker.com/alerts/2005/Mar/1013392.html

Database News Archives

0 Comments (click to add your comment)

Comment and Contribute

Latest Forum Threads
Database News Forum
Topic	By	Replies	Updated
Efficient SQL Server Indexing by Design	lcole	0	April 30th, 12:38 PM
Mine Oracle Database, SQL Server and Other Databases with Monarch Data Pump Pro V10.5	lcole	0	April 30th, 12:37 PM
Oracle Database and Oracle Fusion Middleware for Private Social Network Application	lcole	0	April 30th, 12:31 PM
Oracle Database Maintains a Stronghold in the DBMS Market	lcole	0	April 30th, 12:30 PM