Application Security, Inc.

Team SHATTER Security Alert

#26 - Heap-based Buffer Overflow Vulnerability in Oracle 10g iSQL*Plus Service

August 31, 2004

Credit: These vulnerabilities were researched and discovered by Esteban Martínez Fayó of Application Security, Inc.

Risk level: High

Details:
SQL*Plus is an interactive and batch query tool that is installed with every Oracle Database Server or Client installation. It has a command-line user interface, a Windows Graphical User Interface (GUI) and the iSQL*Plus web-based user interface. iSQL*Plus is a browser-based interface that uses the SQL*Plus processing engine. A heap overflow vulnerability exists in this service. The overflow is triggered by supplying an overly long string in the 'username' or 'connectID' parameter of /isqlplus/login.uix.
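Because the advisory identifies the affected page and the two parameters by name, the condition is straightforward to watch for on the web tier. The following is an added detection example written for this page; it is not code from Application Security, Inc. or from Oracle. It assumes that requests to /isqlplus/login.uix can be observed with their parameters (query strings from an ordinary access log, or form bodies if a reverse proxy or WAF records them), and it uses a locally chosen length threshold (MAX_PARAM_LEN), since the advisory does not state the exact length needed to overflow the buffer. The log lines at the bottom are constructed for the example.

```python
"""Flag oversized 'username' / 'connectID' values sent to the iSQL*Plus login page.

Added example (not from the advisory's authors or Oracle). Assumptions:
  - TARGET_PATH and WATCHED_PARAMS come from the advisory text;
  - MAX_PARAM_LEN is a tunable site-specific limit, not a value from the advisory;
  - log lines follow the Apache-style combined format used by Oracle HTTP Server.
"""
import re
from urllib.parse import parse_qs, urlsplit

MAX_PARAM_LEN = 256                       # assumed threshold; raise to the longest legitimate value seen
WATCHED_PARAMS = ("username", "connectID")  # parameters named in the advisory
TARGET_PATH = "/isqlplus/login.uix"        # affected page named in the advisory

# Client IP, timestamp and the "METHOD target HTTP/x.y" request field of a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def oversized_params(target, body=None):
    """Return [(name, length)] for watched parameters longer than MAX_PARAM_LEN.

    `target` is the request-target (path plus optional query string);
    `body` is an optional application/x-www-form-urlencoded POST body.
    Requests to any path other than the login page are ignored.
    """
    parts = urlsplit(target)
    if parts.path != TARGET_PATH:
        return []
    params = parse_qs(parts.query, keep_blank_values=True)
    if body:
        for name, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(name, []).extend(values)
    hits = []
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            if len(value) > MAX_PARAM_LEN:
                hits.append((name, len(value)))
    return hits


def scan_log(lines):
    """Return [(ip, timestamp, param, length)] for every log line whose
    query string carries an oversized watched parameter to the login page."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line; skip
        for name, length in oversized_params(m.group("target")):
            findings.append((m.group("ip"), m.group("ts"), name, length))
    return findings


# Constructed sample log: one normal login, one oversized username to the login
# page, and one oversized value aimed at an unrelated path (should not be flagged).
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Sep/2004:10:15:32 +0000] '
    '"GET /isqlplus/login.uix?username=scott&connectID=orcl HTTP/1.1" 200 1234',
    '10.0.0.9 - - [10/Sep/2004:10:16:01 +0000] '
    '"GET /isqlplus/login.uix?username=' + "A" * 600 + '&connectID=orcl HTTP/1.1" 500 0',
    '10.0.0.9 - - [10/Sep/2004:10:16:05 +0000] '
    '"GET /other/page?username=' + "A" * 600 + ' HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for ip, ts, name, length in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip}: oversized '{name}' ({length} bytes) sent to {TARGET_PATH}")
```

The same `oversized_params` check can sit in front of the service as a request filter (rejecting the request before it reaches iSQL*Plus) while the patch is being applied; the threshold should be set from the longest username and connect identifier actually in use rather than left at the example's default.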

Analysis:
A remote unauthenticated user can execute arbitrary code in the context of the iSQL*Plus Service. The flaw can also be exploited to cause a denial of service (DoS) by killing the Oracle server process.

Vendor Fix:
Oracle 9i is not affected. Fixed in Oracle 10g Patchset 1.