|
#34 - Buffer overflow in procedure ENABLE_RECEIVER_TRACE of DBMS_INTERNAL_REPCAT package
August 31, 2004
Credit: These vulnerabilities were researched and discovered by Esteban Martínez Fayó of Application Security, Inc.
Risk level: Medium
Details:
When ENABLE_RECEIVER_TRACE procedure is called with a long string in the GNAME parameter a buffer overflow occurs.
To reproduce the overflow, execute the next PL/SQL:
BEGIN
SYS.DBMS_INTERNAL_REPCAT.ENABLE_RECEIVER_TRACE (GNAME => 'longstring');
END;
Analysis:
This vulnerability can be exploited by members of EXECUTE_CATALOG_ROLE or SYSDBA role and users granted execute permissions on DBMS_INTERNAL_REPCAT package.
Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DOS (Denial of service) killing Oracle server process.
Vendor Fix:
Fixed in Patchset 4 (9.2.0.5). 10g Not vulnerable.
|
