Application Security Inc. - Securing Business by Securing Enterprise Applications

home

client login

partner login

online store

search:

MOST POPULAR CONTENT

1.	Top Database Security Threats for 2008
2.	Database Security Best Practices for Federal Agencies
3.	PCI Compliance at the Database Level
4.	Forrester WAVE Summary Scorecard
5.	SOX Compliance and Database Security

#14 - Buffer overflow on LOGFILE parameter

August 31, 2004

Credit: These vulnerabilities were researched and discovered by Cesar Cerrudo of Application Security, Inc.

Risk level: Low

Details:
Oracle Database Server allows adding redo log files to be used by database, by using alter database statement. When a long string is passed to LOGFILE parameter a buffer overflow occurs.

To reproduce the overflow, execute the next PL/SQL:

ALTER DATABASE CLEAR LOGFILE 'longstringhere';

ALTER DATABASE RECOVER LOGFILE 'longstringhere';

ALTER DATABASE DROP LOGFILE MEMBER 'longstringhere';

etc.

Analysis:
This vulnerability can be exploited by users with the ALTER DATABASE system privilege. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DOS (Denial of service) killing Oracle server process.

Vendor Fix:
Fixed in Oracle 9ir2 Patchset 4 (9.2.0.5) Patch 2. 10g Not vulnerable.