Application Security, Inc.

Team SHATTER Security Alert

#19 - Buffer overflow in CTX_OUTPUT Package Function

August 31, 2004

Credit: These vulnerabilities were researched and discovered by Cesar Cerrudo of Application Security, Inc.

Risk level: Medium

Details:
Oracle Database Server provides many packages. One of them, CTX_OUTPUT, which can be used to log indexing and document service requests, contains a vulnerable function: when this function is called with a long string, a buffer overflow occurs.

To reproduce the overflow, execute the following PL/SQL:

begin
CTX_OUTPUT.START_LOG('longstringhere');
end;

Analysis:
This vulnerability can be exploited by members of the Oracle CTXAPP role, the CTXSYS user, and users granted execute permission on the CTX_OUTPUT package.
Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause a denial of service (DoS) by killing the Oracle server process.

Vendor Fix:
Fixed in the latest Oracle 9iR2 Patchset 4 (9.2.0.5) patch 2. Oracle 10g is not vulnerable.
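
Exposure audit for the accounts named under Analysis and the version named under Vendor Fix. This is an added example, not part of the original advisory; it assumes a DBA session with access to the standard dictionary views DBA_TAB_PRIVS, DBA_ROLE_PRIVS and V$VERSION, and the grantee in the final commented statement is a placeholder.

```sql
-- Added audit example (not from the original advisory).
-- Assumes a DBA session; uses only standard data dictionary views.

-- 1. Server version. Compare against the fixed level the advisory
--    names (9.2.0.5 patch 2); the advisory lists 10g as not vulnerable.
SELECT banner
FROM   v$version;

-- 2. Direct EXECUTE grants on CTXSYS.CTX_OUTPUT.
--    A PUBLIC row here means every database account can call the package.
SELECT grantee, privilege, grantable
FROM   dba_tab_privs
WHERE  owner      = 'CTXSYS'
AND    table_name = 'CTX_OUTPUT'
AND    privilege  = 'EXECUTE'
ORDER  BY grantee;

-- 3. Users and roles that hold CTXAPP, directly or through nested roles.
--    The hierarchical walk starts at grants of CTXAPP and follows each
--    grantee that is itself a role granted onward to others.
SELECT DISTINCT grantee
FROM   dba_role_privs
START  WITH granted_role = 'CTXAPP'
CONNECT BY PRIOR grantee = granted_role
ORDER  BY grantee;

-- 4. Interim reduction of exposure until the patch is applied:
--    revoke access from accounts that do not need Oracle Text logging.
--    <GRANTEE> is a placeholder for a name returned by query 2 or 3.
-- REVOKE EXECUTE ON ctxsys.ctx_output FROM <GRANTEE>;
-- REVOKE ctxapp FROM <GRANTEE>;
```

Any grantee returned by query 2 that is a role should also be expanded through DBA_ROLE_PRIVS in the same way as CTXAPP in query 3.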