#2 - Buffer overflow in public function INSTANTIATE_OFFLINE of DBMS_REPCAT_INSTANTIATE package
August 31, 2004
Credit: These vulnerabilities were researched and discovered by Esteban Martínez Fayó of Application Security, Inc.
Risk level: High
Oracle Database Server provides the DBMS_REPCAT_INSTANTIATE package, which is used in replicated environments to manage the instantiation of deployment templates. This package contains a public function, INSTANTIATE_OFFLINE, that generates a script at the master site to create the materialized view environment at the remote materialized view site while offline. When this function is called with a long string in its first parameter, a buffer overflow occurs.
To reproduce the overflow, execute the following SQL statement (or the equivalent PL/SQL assignment):
SELECT DBMS_REPCAT_INSTANTIATE.INSTANTIATE_OFFLINE ('longstring','') FROM Dual
a := DBMS_REPCAT_INSTANTIATE.INSTANTIATE_OFFLINE('longstring','');
By default, EXECUTE on DBMS_REPCAT_INSTANTIATE is granted to PUBLIC, so any Oracle database user can exploit this vulnerability.
Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause a denial of service (DoS) by killing the Oracle server process.
Fixed in Patchset 4 (18.104.22.168). Oracle 10g is not vulnerable.
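As an added example (not part of this advisory), the DBA-side check, interim hardening and detection a practitioner would want: confirm the PUBLIC grant the advisory describes, revoke it until the patchset is applied, and audit calls to the package. The dictionary views and AUDIT syntax are standard Oracle; the assumption that only named replication administrators need the grant re-issued is specific to your environment.

```sql
-- Added example, not from the original advisory. Run as a DBA (e.g. SYS or SYSTEM).

-- 1. Confirm the default exposure: EXECUTE on the package granted to PUBLIC.
SELECT grantee, owner, table_name, privilege
  FROM dba_tab_privs
 WHERE table_name = 'DBMS_REPCAT_INSTANTIATE'
   AND grantee    = 'PUBLIC';

-- 2. Interim mitigation until Patchset 4 is applied: remove the PUBLIC grant.
--    Caveat: dependent objects that relied on the public grant are invalidated,
--    so re-grant EXECUTE explicitly to the accounts that administer replication
--    deployment templates (REPL_ADMIN below is an assumed, environment-specific name).
REVOKE EXECUTE ON sys.dbms_repcat_instantiate FROM PUBLIC;
GRANT  EXECUTE ON sys.dbms_repcat_instantiate TO repl_admin;

-- 3. Detection: record every invocation of the package in the audit trail
--    (requires the AUDIT_TRAIL initialization parameter to be set to DB).
AUDIT EXECUTE ON sys.dbms_repcat_instantiate BY ACCESS;

-- 4. Review recorded calls; one row per invocation. A non-zero RETURNCODE from
--    an unexpected account or host is the signal worth investigating.
SELECT username, os_username, userhost, timestamp, action_name, returncode
  FROM dba_audit_trail
 WHERE owner    = 'SYS'
   AND obj_name = 'DBMS_REPCAT_INSTANTIATE'
 ORDER BY timestamp DESC;
```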