Application Security Inc. - Database Security, Monitoring, Assessment, Auditing, Encryption, and Regulatory Compliance.

Team SHATTER Security Alert

#16 - Buffer overflow on FILE parameter

August 31, 2004

Credit: These vulnerabilities were researched and discovered by Cesar Cerrudo of Application Security, Inc.

Risk level: Low

Details:
Oracle Database Server allows the data files used by the database to be renamed with the ALTER DATABASE statement. When a long string is passed to the FILE parameter, a buffer overflow occurs.

To reproduce the overflow, execute the following PL/SQL:

ALTER DATABASE RENAME FILE 'longstringhere' TO 'anything';

Analysis:
This vulnerability can be exploited by users with the ALTER DATABASE system privilege.
Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause a denial of service (DoS) by killing the Oracle server process.

Vendor Fix:
Fixed in Oracle 9i R2 Patchset 4 (9.2.0.5) Patch 2. Oracle 10g is not vulnerable.
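
Exposure check (an added example, not part of the original advisory): the queries below report the installed version for comparison with the fixed release and list every grantee that holds ALTER DATABASE, directly or through nested roles. They assume an account that can read V$VERSION and the DBA_* dictionary views.

```sql
-- Added example: not from the original advisory.

-- 1. Installed version, to compare against the fixed release (9.2.0.5 + Patch 2).
SELECT banner FROM v$version;

-- 2. Every grantee that can reach the ALTER DATABASE system privilege.
--    The first branch finds direct grants; the second walks role-to-role
--    and role-to-user grants upward from any role that holds the privilege.
SELECT g.grantee,
       NVL(u.account_status, 'ROLE OR PUBLIC') AS account_status
FROM  (
        SELECT grantee
        FROM   dba_sys_privs
        WHERE  privilege = 'ALTER DATABASE'
        UNION
        SELECT grantee
        FROM   dba_role_privs
        START WITH granted_role IN (
                     SELECT grantee
                     FROM   dba_sys_privs
                     WHERE  privilege = 'ALTER DATABASE')
        CONNECT BY PRIOR grantee = granted_role
      ) g
      LEFT JOIN dba_users u ON u.username = g.grantee
ORDER BY g.grantee;
```

Rows whose account_status is OPEN are accounts that can currently issue the statement; a PUBLIC row means every database user can.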