/*
   Argeniss - Information Security
   http://www.argeniss.com
   info>at<argeniss.com

   You think you are secure because you are running the unbreakable Oracle, you think you are secure because you are up to date with patches, you think you are secure because etc., etc......
   You are wrong, Oracle software is so buggy that it can be owned in five seconds bypassing all protection mechanisms. Think how much money you will loose when your corporate data is compromised.
   There are still dozens of unpatched vulnerabilities. The best protection is eliminating vulnerabilities. 
   Join AVI service now and be safe http://www.argeniss.com/services.html
   Find out the special offer for Oracle vulnerability pack, it includes all unpatched Oracle vulnerability information with workaround scripts ready to apply.

   Workaround for Denial of Service in Oracle interMedia 
   http://www.argeniss.com/research.html
   http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf 
*/

-- WARNING: This workaround may cause your application to work incorrectly
-- if it depends (directly or indirectly) on any of the affected database objects.

-- REVOKE_EXECUTE_PRIV: This procedure revokes all the EXECUTE privileges granted
-- to the database object identified by the parameters P_OWNER and P_OBJECT_NAME.
CREATE OR REPLACE PROCEDURE REVOKE_EXECUTE_PRIV (P_OWNER IN VARCHAR2,
 P_OBJECT_NAME IN VARCHAR2) IS

CURSOR my_cur IS
select grantee from dba_tab_privs where owner = P_OWNER AND TABLE_NAME = P_OBJECT_NAME;

BEGIN
  FOR my_rec IN my_cur
  LOOP
    DBMS_OUTPUT.PUT_LINE ('Revoking EXECUTE privilege from ' || my_rec.grantee);
    EXECUTE IMMEDIATE 'REVOKE EXECUTE ON ' || P_OWNER || '.' || P_OBJECT_NAME ||' FROM ' || my_rec.grantee || ' FORCE';
  END LOOP;
END REVOKE_EXECUTE_PRIV;
/


-- To remove all execute privileges granted on vulnerable objects execute this PL/SQL:
BEGIN
  REVOKE_EXECUTE_PRIV ('ORDSYS', 'ORDIMAGE');
  REVOKE_EXECUTE_PRIV ('ORDSYS', 'ORDDOC');
END;
/


-- To remove execute privilege granted only to PUBLIC role on vulnerable objects
-- execute this PL/SQL:
REVOKE EXECUTE ON ORDSYS.ORDIMAGE FROM PUBLIC FORCE;
REVOKE EXECUTE ON ORDSYS.ORDDOC FROM PUBLIC FORCE;