#3 - Buffer overflow in public function INSTANTIATE_ONLINE of DBMS_REPCAT_INSTANTIATE package
August 31, 2004
Credit: These vulnerabilities were researched and discovered by Esteban Martínez Fayó of Application Security, Inc.
Risk level: High
Details:
Oracle Database Server provides the DBMS_REPCAT_INSTANTIATE package, which is used in replicated environments to manage the instantiation of deployment templates. This package contains a public function, INSTANTIATE_ONLINE, that generates a script at the master site to create the materialized view environment at the remote materialized view site while online. When this function is called with a long string in the first parameter, a buffer overflow occurs.
To reproduce the overflow, execute the following SQL statement:
SELECT DBMS_REPCAT_INSTANTIATE.INSTANTIATE_ONLINE ('longstring','') FROM Dual
Analysis:
By default, EXECUTE permission on DBMS_REPCAT_INSTANTIATE is granted to PUBLIC, so any Oracle database user can exploit this vulnerability.
Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause a denial of service (DoS) by killing the Oracle server process.
Vendor Fix:
Fixed in Patchset 4 (9.2.0.5). 10g is not vulnerable.
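Exposure check (an added example, not part of the original advisory): the query below lists every grantee holding EXECUTE on the package next to the instance version, so an administrator can see whether the default PUBLIC grant is still present and compare the version against the fixed patchset. It assumes a DBA account that can read DBA_TAB_PRIVS and V$INSTANCE. The commented REVOKE is a possible interim measure that assumes the package is owned by SYS and that nothing at the site depends on PUBLIC access to it.

```sql
-- Added example: audit who can call DBMS_REPCAT_INSTANTIATE.
-- DBA_TAB_PRIVS holds object grants, including grants on packages
-- (the object name is stored in the TABLE_NAME column).
SELECT p.owner,
       p.table_name  AS package_name,
       p.grantee,
       p.grantor,
       CASE
         WHEN p.grantee = 'PUBLIC'
           THEN 'DEFAULT GRANT PRESENT: every database user can call the package'
         ELSE 'Named grantee: confirm this account or role needs replication instantiation'
       END           AS finding,
       i.version     AS instance_version  -- compare with 9.2.0.5 (Patchset 4)
FROM   dba_tab_privs p,
       v$instance    i
WHERE  p.table_name = 'DBMS_REPCAT_INSTANTIATE'
AND    p.privilege  = 'EXECUTE'
ORDER  BY CASE WHEN p.grantee = 'PUBLIC' THEN 0 ELSE 1 END,
          p.grantee;

-- Possible interim measure until Patchset 4 is applied (assumptions:
-- the package is owned by SYS, and no application relies on the PUBLIC
-- grant; grant EXECUTE back to the specific replication accounts that
-- need it):
-- REVOKE EXECUTE ON SYS.DBMS_REPCAT_INSTANTIATE FROM PUBLIC;
```

If the query returns no PUBLIC row, only the listed grantees (and users holding the listed roles) can reach INSTANTIATE_ONLINE.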