Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Oracle Database REPCAT_RPC.VALIDATE_REMOTE_RC SQL Injection

Subscribe

Check Point Reference: CPAI-2009-195
Date Published:
Severity:
Source: Secunia Advisory: SA35776
Industry Reference(s):

CVE-2009-1021
Protection Provided by: Security Gateway
  • R70
VPN-1
  • NGX R65
VSX
  • NGX R65
Who is Vulnerable?
Oracle Database 10.1.0.5 and prior
Oracle Database 10g Release 2 10.2.0.3 and prior
Oracle Database 9i Release 2 9.2.0.8 and prior
Oracle Database 9i Release 2 9.2.0.8DV and prior
Vulnerability Description
An SQL injection vulnerability has been reported in Oracle Database server, an enterprise-level relational database application suite. Remote authenticated attackers having Create Session privileges can exploit this vulnerability to inject and execute malicious SQL commands on the target server.
Update/Patch Available
The vendor, Oracle, has released an advisory addressing this vulnerability: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html
Vulnerability Details
The vulnerability is due to an input validation error in function VALIDATE_REMOTE_RC of the package DBMS_REPCAT_RPC. An attacker exploiting this issue may disclose sensitive data or compromise data integrity.

Protection Overview

By enabling this protection, SmartDefense will detect and block malformed use of the REPCAT_RPC.VALIDATE_REMOTE_RC function over Oracle traffic.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R70

How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > Application Intelligence > Database Protections > Oracle.
2. In the right pane, double-click the Oracle Database Server REPCAT_RPC.VALIDATE_REMOTE_RC SQL Injection protection.
3. In the Protection Details window, click on Edit. Choose the protection's Action (Override IPS Policy with: Prevent/Detect), and apply Additional Settings.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?

SmartView Tracker will log the following entries:

Attack Name: Oracle Protection Violation
Attack Information: Oracle database server REPCAT_RPC.VALIDATE_REMOTE_RC SQL injection

VPN-1 NGX R65

How Can I Protect My Network?

1. In the SmartDefense tab, click Application Intelligence > Database Protections > Oracle > Oracle Database Server REPCAT_RPC.VALIDATE_REMOTE_RC SQL Injection protection.
2. In the configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.

How Do I Know if My Network is Under Attack?

SmartView Tracker will log the following entries:

Attack Name: Oracle Protection Violation
Attack Information: Oracle database server REPCAT_RPC.VALIDATE_REMOTE_RC SQL injection

VSX NGX R65

How Can I Protect My Network?

1. In the SmartDefense tab, click Application Intelligence > Database Protections > Oracle > Oracle Database Server REPCAT_RPC.VALIDATE_REMOTE_RC SQL Injection protection.
2. In the configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.

How Do I Know if My Network is Under Attack?

SmartView Tracker will log the following entries:

Attack Name: Oracle Protection Violation
Attack Information: Oracle database server REPCAT_RPC.VALIDATE_REMOTE_RC SQL injection