Application Security, Inc.

Team SHATTER Security Alert

Oracle Binary Buffer Overflow

October 23, 2003

For additional details, the official advisories from Oracle Corporation can be downloaded from: http://otn.oracle.com/deploy/security/pdf/2003alert59.pdf

To determine if you are vulnerable to this attack, download AppDetective from http://www.appsecinc.com/products/appdetective/oracle

Risk level: Medium

Summary:
Buffer overflows have been discovered in the binary files oracle and oracleO. These files have the setUID bit enabled by the Oracle installation program and are owned by the oracle user. By passing an overly-long parameter to the oracle or oracleO binary on the command line, a user can run exploit code under the privilege of the oracle owner.

Versions/Products Affected:
- Oracle9i Database Release 1 and 2 on Linux and UNIX

Details:
The primary Oracle database engine is implemented in the executable file oracle. Both this file and the oracleO file have the setUID bit enabled by the installation program.

The oracle binary file accepts parameters on the command line. A buffer overflow occurs when overly-long parameters are passed on the command line. This buffer overflow would allow a local UNIX user to run the program, execute arbitrary code under the privileges of the oracle owner, and compromise the database server.

The attack can only be exploited by a user on the local operating system. The local operating system user would not need any special privileges other than permission to execute the $ORACLE_HOME/bin/oracle or $ORACLE_HOME/bin/oracleO files.

Fix:
Both Oracle9i Database Release 1 and 2 are vulnerable to this buffer overflow. A patch is available for Oracle 9i Database Release 9.2.0.4 for Linux x86. This patch can be downloaded from http://metalink.oracle.com by searching on the patch number 3157063.

The fix will be included in all versions of Oracle 9i Database Release 9.2.0.5. The fix below must be used for all other versions.

One workaround to prevent this attack is to restrict access to the operating system files using the following commands:

cd $ORACLE_HOME/bin
chmod o-x oracle oracleO
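
To confirm whether the workaround is in place, the following check reports whether either binary is still both setUID and executable by "other" users. It is an added example, not part of the original advisory or any Oracle tooling; the function name audit_oracle_bins is hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): audit the two binaries it names.
# A file is treated as exposed when the setUID bit is set AND the
# "other" execute bit is set, the state the workaround removes.
# Usage: audit_oracle_bins "$ORACLE_HOME/bin"
# Returns 0 if neither file is exposed, 1 if at least one is.
audit_oracle_bins() {
    bindir=$1
    exposed=0
    for name in oracle oracleO; do
        f="$bindir/$name"
        if [ ! -f "$f" ]; then
            echo "$f: not present"
            continue
        fi
        suid=no
        oexec=no
        # -u is true when the setUID bit is set on the file.
        [ -u "$f" ] && suid=yes
        # find -perm -0001 matches when the other-execute bit is set.
        [ -n "$(find "$f" -prune -perm -0001 2>/dev/null)" ] && oexec=yes
        if [ "$suid" = yes ] && [ "$oexec" = yes ]; then
            echo "$f: EXPOSED (setuid=$suid other-exec=$oexec)"
            exposed=1
        else
            echo "$f: restricted (setuid=$suid other-exec=$oexec)"
        fi
    done
    return "$exposed"
}

# Run against the real installation only when ORACLE_HOME is set.
if [ -n "${ORACLE_HOME:-}" ]; then
    audit_oracle_bins "$ORACLE_HOME/bin" ||
        echo "Workaround not applied: chmod o-x oracle oracleO"
fi
```

The chmod o-x workaround removes execute permission only for "other"; the file owner and members of the file's group can still run the binaries, so group membership should be reviewed as well.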