#25 - Buffer overflow on procedures of the Replication Management API packages
August 31, 2004
Credit: These vulnerabilities were researched and discovered by Esteban Martínez Fayó of Application Security, Inc.
Risk level: Medium
Details:
Oracle Database Server provides a set of packages that can be used to administer a replicated environment. Some procedures of these packages are vulnerable to buffer overflow.
These are the vulnerable procedures:
DBMS_INTERNAL_REPCAT.DISABLE_RECEIVER_TRACE
DBMS_INTERNAL_REPCAT.ENABLE_RECEIVER_TRACE
DBMS_INTERNAL_REPCAT.VALIDATE
DBMS_OFFLINE_OG.BEGIN_FLAVOR_CHANGE
DBMS_OFFLINE_OG.BEGIN_INSTANTIATION
DBMS_OFFLINE_OG.BEGIN_LOAD
DBMS_OFFLINE_OG.END_FLAVOR_CHANGE
DBMS_OFFLINE_OG.END_INSTANTIATION
DBMS_OFFLINE_OG.END_LOAD
DBMS_OFFLINE_OG.RESUME_SUBSET_OF_MASTERS
DBMS_OFFLINE_RGT.ADD_CONFLICT_OFFLINE
DBMS_OFFLINE_RGT.ADD_FLAVOR_OBJECT_OFFLINE
DBMS_OFFLINE_RGT.ADD_GROUPED_COLUMN_OFFLINE
DBMS_OFFLINE_RGT.ADD_INTERNAL_PKG
DBMS_OFFLINE_RGT.ADD_MASTER_OFFLINE
DBMS_OFFLINE_RGT.ADD_PARAMETER_COLUMN_OFFLINE
DBMS_OFFLINE_RGT.ADD_PRIORITY_GROUP_OFFLINE
DBMS_OFFLINE_RGT.ADD_PRIORITY_OFFLINE
DBMS_OFFLINE_RGT.ADD_REPCOLUMN_OFFLINE
DBMS_OFFLINE_RGT.ADD_REPOBJECT_OFFLINE
DBMS_OFFLINE_RGT.ADD_RESOLUTION_OFFLINE
DBMS_OFFLINE_RGT.ADD_SNAPMASTER_OFFLINE
DBMS_OFFLINE_SNAPSHOT.BEGIN_LOAD
DBMS_OFFLINE_SNAPSHOT.END_LOAD
DBMS_RECTIFIER_DIFF.DIFFERENCES
DBMS_RECTIFIER_DIFF.RECTIFY
DBMS_REPCAT.ABORT_FLAVOR_DEFINITION
DBMS_REPCAT.ADD_COLUMN_GROUP_TO_FLAVOR
DBMS_REPCAT.ADD_COLUMNS_TO_FLAVOR
DBMS_REPCAT.ADD_DELETE_RESOLUTION
DBMS_REPCAT.ADD_GROUPED_COLUMN
DBMS_REPCAT.ADD_MASTER_DATABASE
DBMS_REPCAT.ADD_OBJECT_TO_FLAVOR
DBMS_REPCAT.ADD_PRIORITY_CHAR
DBMS_REPCAT.ADD_PRIORITY_DATE
DBMS_REPCAT.ADD_PRIORITY_NCHAR
DBMS_REPCAT.ADD_PRIORITY_NUMBER
DBMS_REPCAT.ADD_PRIORITY_NVARCHAR2
DBMS_REPCAT.ADD_PRIORITY_RAW
DBMS_REPCAT.ADD_PRIORITY_VARCHAR2
DBMS_REPCAT.ADD_SITE_PRIORITY_SITE
DBMS_REPCAT.ADD_UNIQUE_RESOLUTION
DBMS_REPCAT.ADD_UPDATE_RESOLUTION
DBMS_REPCAT.ALTER_MASTER_PROPAGATION
DBMS_REPCAT.ALTER_MASTER_REPOBJECT
DBMS_REPCAT.ALTER_MVIEW_PROPAGATION
DBMS_REPCAT.ALTER_PRIORITY
DBMS_REPCAT.ALTER_PRIORITY_CHAR
DBMS_REPCAT.ALTER_PRIORITY_DATE
DBMS_REPCAT.ALTER_PRIORITY_NCHAR
DBMS_REPCAT.ALTER_PRIORITY_NUMBER
DBMS_REPCAT.ALTER_PRIORITY_NVARCHAR2
DBMS_REPCAT.ALTER_PRIORITY_RAW
DBMS_REPCAT.ALTER_PRIORITY_VARCHAR2
DBMS_REPCAT.ALTER_SITE_PRIORITY
DBMS_REPCAT.ALTER_SITE_PRIORITY_SITE
DBMS_REPCAT.ALTER_SNAPSHOT_PROPAGATION
DBMS_REPCAT.BEGIN_FLAVOR_DEFINITION
DBMS_REPCAT.CANCEL_STATISTICS
DBMS_REPCAT.COMMENT_ON_COLUMN_GROUP
DBMS_REPCAT.COMMENT_ON_DELETE_RESOLUTION
DBMS_REPCAT.COMMENT_ON_MVIEW_REPSITES
DBMS_REPCAT.COMMENT_ON_PRIORITY_GROUP
DBMS_REPCAT.COMMENT_ON_REPGROUP
DBMS_REPCAT.COMMENT_ON_REPOBJECT
DBMS_REPCAT.COMMENT_ON_REPSITES
DBMS_REPCAT.COMMENT_ON_SITE_PRIORITY
DBMS_REPCAT.COMMENT_ON_SNAPSHOT_REPSITES
DBMS_REPCAT.COMMENT_ON_UNIQUE_RESOLUTION
DBMS_REPCAT.COMMENT_ON_UPDATE_RESOLUTION
DBMS_REPCAT.COMPARE_OLD_VALUES
DBMS_REPCAT.CREATE_MASTER_REPGROUP
DBMS_REPCAT.CREATE_MASTER_REPOBJECT
DBMS_REPCAT.CREATE_MVIEW_REPGROUP
DBMS_REPCAT.CREATE_MVIEW_REPOBJECT
DBMS_REPCAT.CREATE_SNAPSHOT_REPGROUP
DBMS_REPCAT.CREATE_SNAPSHOT_REPOBJECT
DBMS_REPCAT.DEFINE_COLUMN_GROUP
DBMS_REPCAT.DEFINE_PRIORITY_GROUP
DBMS_REPCAT.DEFINE_SITE_PRIORITY
DBMS_REPCAT.DO_DEFERRED_REPCAT_ADMIN
DBMS_REPCAT.DROP_COLUMN_GROUP
DBMS_REPCAT.DROP_COLUMN_GROUP_FROM_FLAVOR
DBMS_REPCAT.DROP_COLUMNS_FROM_FLAVOR
DBMS_REPCAT.DROP_DELETE_RESOLUTION
DBMS_REPCAT.DROP_GROUPED_COLUMN
DBMS_REPCAT.DROP_MASTER_REPGROUP
DBMS_REPCAT.DROP_MASTER_REPOBJECT
DBMS_REPCAT.DROP_MVIEW_REPGROUP
DBMS_REPCAT.DROP_MVIEW_REPOBJECT
DBMS_REPCAT.DROP_OBJECT_FROM_FLAVOR
DBMS_REPCAT.DROP_PRIORITY
DBMS_REPCAT.DROP_PRIORITY_CHAR
DBMS_REPCAT.DROP_PRIORITY_DATE
DBMS_REPCAT.DROP_PRIORITY_GROUP
DBMS_REPCAT.DROP_PRIORITY_NCHAR
DBMS_REPCAT.DROP_PRIORITY_NUMBER
DBMS_REPCAT.DROP_PRIORITY_NVARCHAR2
DBMS_REPCAT.DROP_PRIORITY_RAW
DBMS_REPCAT.DROP_PRIORITY_VARCHAR2
DBMS_REPCAT.DROP_SITE_PRIORITY
DBMS_REPCAT.DROP_SITE_PRIORITY_SITE
DBMS_REPCAT.DROP_SNAPSHOT_REPGROUP
DBMS_REPCAT.DROP_SNAPSHOT_REPOBJECT
DBMS_REPCAT.DROP_UNIQUE_RESOLUTION
DBMS_REPCAT.DROP_UPDATE_RESOLUTION
DBMS_REPCAT.EXECUTE_DDL
DBMS_REPCAT.GENERATE_FLAVOR_NAME
DBMS_REPCAT.GENERATE_MVIEW_SUPPORT
DBMS_REPCAT.GENERATE_REPLICATION_PACKAGE
DBMS_REPCAT.GENERATE_REPLICATION_SUPPORT
DBMS_REPCAT.GENERATE_REPLICATION_TRIGGER
DBMS_REPCAT.GENERATE_SNAPSHOT_SUPPORT
DBMS_REPCAT.MAKE_COLUMN_GROUP
DBMS_REPCAT.OBSOLETE_FLAVOR_DEFINITION
DBMS_REPCAT.PUBLISH_FLAVOR_DEFINITION
DBMS_REPCAT.PURGE_FLAVOR_DEFINITION
DBMS_REPCAT.PURGE_MASTER_LOG
DBMS_REPCAT.PURGE_STATISTICS
DBMS_REPCAT.REFRESH_MVIEW_REPGROUP
DBMS_REPCAT.REFRESH_SNAPSHOT_REPGROUP
DBMS_REPCAT.REGISTER_MVIEW_REPGROUP
DBMS_REPCAT.REGISTER_SNAPSHOT_REPGROUP
DBMS_REPCAT.REGISTER_STATISTICS
DBMS_REPCAT.RELOCATE_MASTERDEF
DBMS_REPCAT.REMOVE_MASTER_DATABASES
DBMS_REPCAT.RENAME_SHADOW_COLUMN_GROUP
DBMS_REPCAT.REPCAT_IMPORT_CHECK
DBMS_REPCAT.RESUME_MASTER_ACTIVITY
DBMS_REPCAT.SEND_AND_COMPARE_OLD_VALUES
DBMS_REPCAT.SEND_OLD_VALUES
DBMS_REPCAT.SET_COLUMNS
DBMS_REPCAT.SET_LOCAL_FLAVOR
DBMS_REPCAT.SPECIFY_NEW_MASTERS
DBMS_REPCAT.SUSPEND_MASTER_ACTIVITY
DBMS_REPCAT.SWITCH_MVIEW_MASTER
DBMS_REPCAT.SWITCH_SNAPSHOT_MASTER
DBMS_REPCAT.UNREGISTER_MVIEW_REPGROUP
DBMS_REPCAT.UNREGISTER_SNAPSHOT_REPGROUP
DBMS_REPCAT.VALIDATE
DBMS_REPCAT.VALIDATE_FLAVOR_DEFINITION
DBMS_REPCAT.VALIDATE_FOR_LOCAL_FLAVOR
DBMS_REPCAT.WAIT_MASTER_LOG
DBMS_REPCAT_ADD_MASTER.SPECIFY_NEW_MASTERS
DBMS_REPCAT_ADMIN.REGISTER_USER_REPGROUP
DBMS_REPCAT_ADMIN.UNREGISTER_USER_REPGROUP
DBMS_REPCAT_AUTH.GRANT_SURROGATE_REPCAT
DBMS_REPCAT_AUTH.REVOKE_SURROGATE_REPCAT
DBMS_REPCAT_CONF.ADD_DELETE_RESOLUTION
DBMS_REPCAT_CONF.ADD_GROUPED_COLUMN
DBMS_REPCAT_CONF.ADD_PRIORITY_CHAR
DBMS_REPCAT_CONF.ADD_PRIORITY_DATE
DBMS_REPCAT_CONF.ADD_PRIORITY_NCHAR
DBMS_REPCAT_CONF.ADD_PRIORITY_NUMBER
DBMS_REPCAT_CONF.ADD_PRIORITY_NVARCHAR2
DBMS_REPCAT_CONF.ADD_PRIORITY_RAW
DBMS_REPCAT_CONF.ADD_PRIORITY_VARCHAR2
DBMS_REPCAT_CONF.ADD_SITE_PRIORITY_SITE
DBMS_REPCAT_CONF.ADD_UNIQUE_RESOLUTION
DBMS_REPCAT_CONF.ADD_UPDATE_RESOLUTION
DBMS_REPCAT_CONF.ALTER_PRIORITY
DBMS_REPCAT_CONF.ALTER_PRIORITY_CHAR
DBMS_REPCAT_CONF.ALTER_PRIORITY_DATE
DBMS_REPCAT_CONF.ALTER_PRIORITY_NCHAR
DBMS_REPCAT_CONF.ALTER_PRIORITY_NUMBER
DBMS_REPCAT_CONF.ALTER_PRIORITY_NVARCHAR2
DBMS_REPCAT_CONF.ALTER_PRIORITY_RAW
DBMS_REPCAT_CONF.ALTER_PRIORITY_VARCHAR2
DBMS_REPCAT_CONF.ALTER_SITE_PRIORITY
DBMS_REPCAT_CONF.ALTER_SITE_PRIORITY_SITE
DBMS_REPCAT_CONF.CANCEL_STATISTICS
DBMS_REPCAT_CONF.CHECK_GROUP_INFO
DBMS_REPCAT_CONF.CHECK_ONAME_INFO
DBMS_REPCAT_CONF.COMMENT_ON_COLUMN_GROUP
DBMS_REPCAT_CONF.COMMENT_ON_DELETE_RESOLUTION
DBMS_REPCAT_CONF.COMMENT_ON_PRIORITY_GROUP
DBMS_REPCAT_CONF.COMMENT_ON_SITE_PRIORITY
DBMS_REPCAT_CONF.COMMENT_ON_UNIQUE_RESOLUTION
DBMS_REPCAT_CONF.COMMENT_ON_UPDATE_RESOLUTION
DBMS_REPCAT_CONF.DEFINE_COLUMN_GROUP
DBMS_REPCAT_CONF.DEFINE_PRIORITY_GROUP
DBMS_REPCAT_CONF.DEFINE_SITE_PRIORITY
DBMS_REPCAT_CONF.DROP_COLUMN_GROUP
DBMS_REPCAT_CONF.DROP_DELETE_RESOLUTION
DBMS_REPCAT_CONF.DROP_GROUPED_COLUMN
DBMS_REPCAT_CONF.DROP_PRIORITY
DBMS_REPCAT_CONF.DROP_PRIORITY_CHAR
DBMS_REPCAT_CONF.DROP_PRIORITY_DATE
DBMS_REPCAT_CONF.DROP_PRIORITY_GROUP
DBMS_REPCAT_CONF.DROP_PRIORITY_NCHAR
DBMS_REPCAT_CONF.DROP_PRIORITY_NUMBER
DBMS_REPCAT_CONF.DROP_PRIORITY_NVARCHAR2
DBMS_REPCAT_CONF.DROP_PRIORITY_RAW
DBMS_REPCAT_CONF.DROP_PRIORITY_VARCHAR2
DBMS_REPCAT_CONF.DROP_SITE_PRIORITY
DBMS_REPCAT_CONF.DROP_SITE_PRIORITY_SITE
DBMS_REPCAT_CONF.DROP_UNIQUE_RESOLUTION
DBMS_REPCAT_CONF.DROP_UPDATE_RESOLUTION
DBMS_REPCAT_CONF.MAKE_COLUMN_GROUP
DBMS_REPCAT_CONF.PURGE_STATISTICS
DBMS_REPCAT_CONF.REGISTER_STATISTICS
DBMS_REPCAT_FLA.ABORT_DEFINITION
DBMS_REPCAT_FLA.ABORT_FLAVOR_DEFINITION
DBMS_REPCAT_FLA.ADD_OBJECT
DBMS_REPCAT_FLA.ADD_OBJECT_TO_FLAVOR
DBMS_REPCAT_FLA.BEGIN_DEFINITION
DBMS_REPCAT_FLA.BEGIN_FLAVOR_DEFINITION
DBMS_REPCAT_FLA.DROP_OBJECT
DBMS_REPCAT_FLA.DROP_OBJECT_FROM_FLAVOR
DBMS_REPCAT_FLA.ENSURE_NOT_PUBLISHED
DBMS_REPCAT_FLA.GENERATE_FLAVOR_NAME
DBMS_REPCAT_FLA.LOCAL_OBJECT_MATCHES
DBMS_REPCAT_FLA.SET_LOCAL_FLAVOR
DBMS_REPCAT_FLA.VALIDATE_DEFINITION
DBMS_REPCAT_FLA.VALIDATE_FLAVOR_DEFINITION
DBMS_REPCAT_FLA.VALIDATE_FOR_LOCAL_FLAVOR
DBMS_REPCAT_FLA.VALIDATE_LOCAL
DBMS_REPCAT_FLA.VALIDATE_LOCAL_COLS
DBMS_REPCAT_FLA.VALIDATE_LOCAL_MAS
DBMS_REPCAT_FLA.VALIDATE_LOCAL_SNAP
DBMS_REPCAT_FLA.VALIDATE_TABLE
DBMS_REPCAT_FLA_MAS.ADD_COLUMN_GROUP_TO_FLAVOR
DBMS_REPCAT_FLA_MAS.ADD_COLUMNS_TO_FLAVOR
DBMS_REPCAT_FLA_MAS.DROP_COLUMN_GROUP_FROM_FLAVOR
DBMS_REPCAT_FLA_MAS.DROP_COLUMNS_FROM_FLAVOR
DBMS_REPCAT_FLA_MAS.OBSOLETE_DEFINITION
DBMS_REPCAT_FLA_MAS.OBSOLETE_FLAVOR_DEFINITION
DBMS_REPCAT_FLA_MAS.PUBLISH_DEFINITION
DBMS_REPCAT_FLA_MAS.PUBLISH_FLAVOR_DEFINITION
DBMS_REPCAT_FLA_MAS.PURGE_DEFINITION
DBMS_REPCAT_FLA_MAS.PURGE_FLAVOR_DEFINITION
DBMS_REPCAT_FLA_UTL.CANONICALIZE_FLAVOR
DBMS_REPCAT_FLA_UTL.CANONICALIZE_OBJECT
DBMS_REPCAT_INSTANTIATE.DROP_SITE_INSTANTIATION
DBMS_REPCAT_INSTANTIATE.INSTANTIATE_OFFLINE
DBMS_REPCAT_INSTANTIATE.INSTANTIATE_ONLINE
DBMS_REPCAT_MAS.ADD_MASTER_DATABASE
DBMS_REPCAT_MAS.ALTER_MASTER_PROPAGATION
DBMS_REPCAT_MAS.ALTER_MASTER_REPOBJECT
DBMS_REPCAT_MAS.COMMENT_ON_REPGROUP
DBMS_REPCAT_MAS.COMMENT_ON_REPOBJECT
DBMS_REPCAT_MAS.COMMENT_ON_REPSITES
DBMS_REPCAT_MAS.CREATE_MASTER_REPGROUP
DBMS_REPCAT_MAS.CREATE_MASTER_REPOBJECT
DBMS_REPCAT_MAS.DO_DEFERRED_REPCAT_ADMIN
DBMS_REPCAT_MAS.DROP_MASTER_REPGROUP
DBMS_REPCAT_MAS.ENSURE_MASTERDEF
DBMS_REPCAT_MAS.EXECUTE_DDL
DBMS_REPCAT_MAS.GENERATE_REPLICATION_PACKAGE
DBMS_REPCAT_MAS.GENERATE_REPLICATION_SUPPORT
DBMS_REPCAT_MAS.GENERATE_REPLICATION_TRIGGER
DBMS_REPCAT_MAS.PURGE_MASTER_LOG
DBMS_REPCAT_MAS.RELOCATE_MASTERDEF
DBMS_REPCAT_MAS.REMOVE_MASTER_DATABASES
DBMS_REPCAT_MAS.RENAME_SHADOW_COLUMN_GROUP
DBMS_REPCAT_MAS.RESUME_MASTER_ACTIVITY
DBMS_REPCAT_MAS.SEND_AND_COMPARE_OLD_VALUES
DBMS_REPCAT_MAS.SET_COLUMNS
DBMS_REPCAT_MAS.SUSPEND_MASTER_ACTIVITY
DBMS_REPCAT_MAS.WAIT_MASTER_LOG
DBMS_REPCAT_OBJ_UTL.LCNAME_TAB_TO_CNAME_TAB
DBMS_REPCAT_RGT.CHECK_DDL_TEXT
DBMS_REPCAT_RGT.CREATE_OBJECT_FROM_EXISTING
DBMS_REPCAT_RGT.DROP_SITE_INSTANTIATION
DBMS_REPCAT_RGT.INSTANTIATE_OFFLINE
DBMS_REPCAT_RGT.INSTANTIATE_ONLINE
DBMS_REPCAT_RGT_CUST.CREATE_OBJECT_FROM_EXISTING
DBMS_REPCAT_RPC.GET_OBJECT_SHAPE
DBMS_REPCAT_RPC.GET_OBJECT_SHAPE_RC
DBMS_REPCAT_RPC.RELOCATE_MASTERDEF
DBMS_REPCAT_RPC.RELOCATE_MASTERDEF_RC
DBMS_REPCAT_SNA.ALTER_SNAPSHOT_PROPAGATION
DBMS_REPCAT_SNA.CREATE_SNAPSHOT_REPGROUP
DBMS_REPCAT_SNA.CREATE_SNAPSHOT_REPOBJECT
DBMS_REPCAT_SNA.CREATE_SNAPSHOT_REPSCHEMA
DBMS_REPCAT_SNA.DROP_SNAPSHOT_REPGROUP
DBMS_REPCAT_SNA.DROP_SNAPSHOT_REPOBJECT
DBMS_REPCAT_SNA.DROP_SNAPSHOT_REPSCHEMA
DBMS_REPCAT_SNA.GENERATE_SNAPSHOT_SUPPORT
DBMS_REPCAT_SNA.REFRESH_SNAPSHOT_REPGROUP
DBMS_REPCAT_SNA.REFRESH_SNAPSHOT_REPSCHEMA
DBMS_REPCAT_SNA.REGISTER_SNAPSHOT_REPGROUP
DBMS_REPCAT_SNA.REPCAT_IMPORT_CHECK
DBMS_REPCAT_SNA.SET_LOCAL_FLAVOR
DBMS_REPCAT_SNA.SWITCH_SNAPSHOT_MASTER
DBMS_REPCAT_SNA.UNREGISTER_SNAPSHOT_REPGROUP
DBMS_REPCAT_SNA.VALIDATE_FOR_LOCAL_FLAVOR
DBMS_REPCAT_SNA_UTL.ALTER_SNAPSHOT_PROPAGATION
DBMS_REPCAT_SNA_UTL.CHECK_REGISTRATION_PARAMS
DBMS_REPCAT_SNA_UTL.CREATE_SNAPSHOT_REPGROUP
DBMS_REPCAT_SNA_UTL.CREATE_SNAPSHOT_REPOBJECT
DBMS_REPCAT_SNA_UTL.DROP_SNAPSHOT_REPGROUP
DBMS_REPCAT_SNA_UTL.DROP_SNAPSHOT_REPOBJECT
DBMS_REPCAT_SNA_UTL.GENERATE_SNAPSHOT_SUPPORT
DBMS_REPCAT_SNA_UTL.LOCAL_GENERATE_DDL
DBMS_REPCAT_SNA_UTL.REFRESH_SNAPSHOT_REPGROUP
DBMS_REPCAT_SNA_UTL.REGISTER_FLAVOR_CHANGE
DBMS_REPCAT_SNA_UTL.REGISTER_SNAPSHOT_REPGROUP
DBMS_REPCAT_SNA_UTL.REMOTE_GENERATE_DDL
DBMS_REPCAT_SNA_UTL.REPCAT_IMPORT_CHECK
DBMS_REPCAT_SNA_UTL.SWITCH_SNAPSHOT_MASTER
DBMS_REPCAT_SNA_UTL.UNREGISTER_SNAPSHOT_REPGROUP
DBMS_REPCAT_SQL_UTL.DO_ARRAY_DDL
DBMS_REPCAT_SQL_UTL.DO_DDL
DBMS_REPCAT_SQL_UTL.DO_MULTIPLE_DDLS
DBMS_REPCAT_UNTRUSTED.REGISTER_SNAPSHOT_REPGROUP
DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT_REPGROUP
DBMS_REPCAT_UTL.CANONICALIZE
DBMS_REPCAT_UTL.COMMENT_ON_REPSITES
DBMS_REPCAT_UTL.CONVERT_REASON_TO_ID
DBMS_REPCAT_UTL.CONVERT_TYPE_TO_ID
DBMS_REPCAT_UTL.DEFAULT_FUNCTION_NAME
DBMS_REPCAT_UTL.DROP_AN_OBJECT
DBMS_REPCAT_UTL.FOLLOW_SYNONYM_CHAIN
DBMS_REPCAT_UTL.GENERATE_WHAT_AM_I
DBMS_REPCAT_UTL.GET_REPCOLUMN_FLAG
DBMS_REPCAT_UTL.RESOLVE_NAME
DBMS_REPCAT_UTL.SET_REPCOLUMN_FLAG
DBMS_REPCAT_UTL2.CHECK_OBJECT_SHAPE
DBMS_REPCAT_UTL2.GET_OBJECT_SHAPE
DBMS_REPCAT_UTL3.RETRY_NEEDED
DBMS_REPCAT_UTL4.COMPARE_SOURCE
DBMS_REPCAT_UTL4.COMPARE_TABLES
DBMS_REPCAT_UTL4.DROP_MASTER_REPOBJECT
DBMS_REPCAT_UTL4.ENSURE_MASTER
DBMS_REPCAT_UTL4.MASTERDEF_PREFIX
DBMS_REPCAT_UTL4.NAME_CONFLICT_EXISTS
DBMS_REPCAT_VALIDATE.VALIDATE
To reproduce the overflow, execute the following PL/SQL:
BEGIN
SYS.DBMS_REPCAT_AUTH.GRANT_SURROGATE_REPCAT('longstring');
END;
or
BEGIN
SYS.DBMS_REPCAT_AUTH.REVOKE_SURROGATE_REPCAT('longstring');
END;
etc.
Analysis:
This vulnerability can be exploited by members of the SYSDBA role and by users who have been granted execute permissions on the packages.
Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause a denial of service (DoS) by killing the Oracle server process.
Vendor Fix:
Fixed in Oracle 9iR2 Patchset 4 (9.2.0.5). Oracle 10g is not vulnerable.
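To check exposure on a given instance, the queries below (an added example, not part of the original advisory) report the running version and who can reach the affected packages, following the Analysis and Vendor Fix sections above. They assume access to the DBA_* and V$ views and that the packages are owned by SYS, as in the calls shown earlier.

```sql
-- Added audit example, not from the advisory. Assumes DBA_*/V$ view access
-- and that the affected packages are owned by SYS.

-- 1. Version banner; the advisory names 9.2.0.5 as the fixed patchset.
SELECT banner FROM v$version;

-- 2. Password-file accounts holding SYSDBA.
SELECT username FROM v$pwfile_users WHERE sysdba = 'TRUE';

-- 3. Direct EXECUTE grants on the affected packages, by grantee type.
SELECT p.grantee,
       CASE WHEN p.grantee = 'PUBLIC' THEN 'PUBLIC'
            WHEN r.role IS NOT NULL   THEN 'ROLE'
            ELSE 'USER' END AS grantee_type,
       p.table_name AS package_name, p.grantable
FROM   dba_tab_privs p LEFT OUTER JOIN dba_roles r ON r.role = p.grantee
WHERE  p.owner = 'SYS' AND p.privilege = 'EXECUTE'
AND    p.table_name IN (
  'DBMS_INTERNAL_REPCAT', 'DBMS_OFFLINE_OG', 'DBMS_OFFLINE_RGT',
  'DBMS_OFFLINE_SNAPSHOT', 'DBMS_RECTIFIER_DIFF', 'DBMS_REPCAT',
  'DBMS_REPCAT_ADD_MASTER', 'DBMS_REPCAT_ADMIN', 'DBMS_REPCAT_AUTH',
  'DBMS_REPCAT_CONF', 'DBMS_REPCAT_FLA', 'DBMS_REPCAT_FLA_MAS',
  'DBMS_REPCAT_FLA_UTL', 'DBMS_REPCAT_INSTANTIATE', 'DBMS_REPCAT_MAS',
  'DBMS_REPCAT_OBJ_UTL', 'DBMS_REPCAT_RGT', 'DBMS_REPCAT_RGT_CUST',
  'DBMS_REPCAT_RPC', 'DBMS_REPCAT_SNA', 'DBMS_REPCAT_SNA_UTL',
  'DBMS_REPCAT_SQL_UTL', 'DBMS_REPCAT_UNTRUSTED', 'DBMS_REPCAT_UTL',
  'DBMS_REPCAT_UTL2', 'DBMS_REPCAT_UTL3', 'DBMS_REPCAT_UTL4',
  'DBMS_REPCAT_VALIDATE')
ORDER  BY grantee_type, p.grantee, p.table_name;

-- 4. Users and roles that inherit those grants through role membership.
SELECT DISTINCT rp.grantee, rp.granted_role
FROM   dba_role_privs rp
START  WITH rp.granted_role IN (
  SELECT grantee FROM dba_tab_privs
  WHERE  owner = 'SYS' AND privilege = 'EXECUTE'
  AND    table_name IN (
  'DBMS_INTERNAL_REPCAT', 'DBMS_OFFLINE_OG', 'DBMS_OFFLINE_RGT',
  'DBMS_OFFLINE_SNAPSHOT', 'DBMS_RECTIFIER_DIFF', 'DBMS_REPCAT',
  'DBMS_REPCAT_ADD_MASTER', 'DBMS_REPCAT_ADMIN', 'DBMS_REPCAT_AUTH',
  'DBMS_REPCAT_CONF', 'DBMS_REPCAT_FLA', 'DBMS_REPCAT_FLA_MAS',
  'DBMS_REPCAT_FLA_UTL', 'DBMS_REPCAT_INSTANTIATE', 'DBMS_REPCAT_MAS',
  'DBMS_REPCAT_OBJ_UTL', 'DBMS_REPCAT_RGT', 'DBMS_REPCAT_RGT_CUST',
  'DBMS_REPCAT_RPC', 'DBMS_REPCAT_SNA', 'DBMS_REPCAT_SNA_UTL',
  'DBMS_REPCAT_SQL_UTL', 'DBMS_REPCAT_UNTRUSTED', 'DBMS_REPCAT_UTL',
  'DBMS_REPCAT_UTL2', 'DBMS_REPCAT_UTL3', 'DBMS_REPCAT_UTL4',
  'DBMS_REPCAT_VALIDATE'))
CONNECT BY PRIOR rp.grantee = rp.granted_role;
```

A PUBLIC row in query 3 means every database account can call that package. OS-authenticated SYSDBA connections do not appear in query 2.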