Database Journal
MS SQL Oracle DB2 Access MySQL PostgreSQL Sybase PHP SQL Etc SQL Scripts & Samples Links Database Forum

» Database Journal Home
» Database Articles
» Database Tutorials
MS SQL
Oracle
DB2
MS Access
MySQL
» RESOURCES
Database Tools
SQL Scripts & Samples
Links
» Database Forum
» Sitemap
Free Newsletters:
DatabaseDaily  
News Via RSS Feed


follow us on Twitter
Database Journal |DBA Support |SQLCourse |SQLCourse2
 

Featured Database Articles

Database News

Posted Mar 8, 2005

Oracle Database Server UTL_FILE Error Discloses Files to Remote Authenticated Users

By DatabaseJournal.com Staff

[From SecurityTracker.com]

Version(s): 8i, 9i

Description: An input validation vulnerability was reported in Oracle Database Server in the UTL_FILE package. A remote authenticated user can access arbitrary files on the target system.

The software does not properly validate user-supplied input in some Directory Object functions. A remote authenticated user can exploit a flaw in UTL_FILE by supplying directory traversal characters to some Directory Object functions to gain read or write access to files on the target system that are located outside of the intended directory.

The article continues at http://www.securitytracker.com/alerts/2005/Mar/1013392.html



Database News Archives

Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 




Latest Forum Threads
Database News Forum
Topic By Replies Updated
Efficient SQL Server Indexing by Design lcole 0 April 30th, 12:38 PM
Mine Oracle Database, SQL Server and Other Databases with Monarch Data Pump Pro V10.5 lcole 0 April 30th, 12:37 PM
Oracle Database and Oracle Fusion Middleware for Private Social Network Application lcole 0 April 30th, 12:31 PM
Oracle Database Maintains a Stronghold in the DBMS Market lcole 0 April 30th, 12:30 PM


















Thanks for your registration, follow us on our social networks to keep up-to-date