#17 - Buffer overflow in Interval Conversion Functions
August 31, 2004
Credit: These vulnerabilities were researched and discovered by Cesar Cerrudo of Application Security, Inc.
Risk level: High
Details:
Oracle Database Server provides two functions that can be used with PL/SQL to convert numbers to date/time intervals. When either of these functions is called with a long string as the second parameter, a buffer overflow occurs.
To reproduce the overflow, execute the following PL/SQL:
SELECT NUMTOYMINTERVAL(1,'longstringhere') from dual;
SELECT NUMTODSINTERVAL(1,'longstringhere') from dual;
Analysis:
This vulnerability can be exploited by any Oracle Database user because access to these functions can't be restricted.
Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause a denial of service (DoS) by killing the Oracle server process.
Vendor Fix:
Fixed in Oracle 9iR2 Patchset 3 (9.2.0.4) Patch 3. Oracle 10g is not vulnerable.
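Since access to these functions can't be restricted, unpatched servers can still be monitored by reviewing captured SQL text for calls whose second argument is not one of the documented unit keywords. The following check is an added example, not part of the original advisory; the names split_args and audit_statement, the verdict strings and the sample statements are assumptions made for illustration.

```python
import re
# Unit keywords Oracle documents as valid second arguments for each function.
VALID_UNITS = {"NUMTOYMINTERVAL": {"YEAR", "MONTH"},
               "NUMTODSINTERVAL": {"DAY", "HOUR", "MINUTE", "SECOND"}}
NAME_RE = re.compile(r"\b(NUMTOYMINTERVAL|NUMTODSINTERVAL)\s*\(", re.IGNORECASE)

def split_args(sql, i):
    """Split top-level arguments starting just after '('; None if unterminated."""
    args, cur, depth, in_str = [], [], 0, False
    while i < len(sql):
        ch = sql[i]
        if in_str:
            cur.append(ch)
            if ch == "'" and sql[i + 1:i + 2] == "'":
                cur.append("'")          # '' is an escaped quote inside a literal
                i += 1
            elif ch == "'":
                in_str = False
        elif ch == ")" and depth == 0:
            return args + ["".join(cur).strip()]
        elif ch == "," and depth == 0:
            args.append("".join(cur).strip())
            cur = []
        else:
            in_str = ch == "'"
            depth += (ch == "(") - (ch == ")")
            cur.append(ch)
        i += 1
    return None

def audit_statement(sql):
    """Return (function, verdict, literal_length) for each call in one statement."""
    findings = []
    for m in NAME_RE.finditer(sql):
        func, args = m.group(1).upper(), split_args(sql, m.end())
        if args is None or len(args) != 2:
            findings.append((func, "malformed", None))
        elif len(args[1]) >= 2 and args[1][0] == args[1][-1] == "'":
            text = args[1][1:-1].replace("''", "'")
            ok = text.strip().upper() in VALID_UNITS[func]
            findings.append((func, "ok" if ok else "suspicious-unit", len(text)))
        else:  # bind variable or expression: length unknown from the SQL text
            findings.append((func, "review-non-literal", None))
    return findings

# Constructed sample statements (not taken from a real audit trail).
SAMPLES = ["SELECT NUMTODSINTERVAL(ROUND(x, 1), 'day') FROM dual",
           "SELECT NUMTOYMINTERVAL(1,'" + "A" * 300 + "') FROM dual"]
print([audit_statement(s) for s in SAMPLES])
```

Calls flagged as review-non-literal pass the unit through a bind variable or expression, so their length has to be checked where the value is bound rather than in the statement text.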