Oracle allows PL/SQL code to execute arbitrary library calls through a request to the Oracle Listener process. As there is no authentication, any party able to connect to the Listener may emulate this conversation and cause arbitrary library calls to be executed as the oracle user, including system and exec. It is also possible to redirect standard IO to a socket. This may immediately lead to a local compromise of the Oracle user.


On Windows based systems, the call is run within the local SYSTEM security context. On Unix systems, the Listener may run with user-level privileges.

Exploit: There is no exploit code.

Remote: Yes

SOnIc how are you getting all this stuff on Oracle? <chuckles> Is there a favorite site or something? Anyway keep up the info on it.