#9 - Buffer overflow in procedure CREATE_MVIEW_REPGROUP of DBMS_REPCAT package
August 31, 2004
Credit: These vulnerabilities were researched and discovered by Esteban Martínez Fayó of Application Security, Inc.
Risk level: Medium
Oracle Database Server provides the DBMS_REPCAT package, which is used to administer and update the replication catalog and environment. This package contains the procedure CREATE_MVIEW_REPGROUP, which creates a new materialized view group in the local database. When this procedure is called with a long string in the fifth parameter, a buffer overflow occurs.
To reproduce the overflow, execute the following PL/SQL:
DBMS_REPCAT.CREATE_MVIEW_REPGROUP ('', '', '', '', 'longstring', '');
This vulnerability can be exploited by members of the EXECUTE_CATALOG_ROLE or SYSDBA roles and by users granted execute permission on the DBMS_REPCAT package.
Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause a denial of service (DoS) by killing the Oracle server process.
Fixed in Patchset 4 (22.214.171.124). 10g is not vulnerable.
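To scope exposure on an unpatched instance, the query below lists every account that can reach the procedure through the three paths named above. It is an added audit example, not part of the original advisory, and assumes the package is owned by SYS and that the auditing account can read the DBA_* dictionary views and V$PWFILE_USERS.

```sql
-- Added audit example (not from the advisory).
-- Lists principals able to call DBMS_REPCAT.CREATE_MVIEW_REPGROUP via:
--   1. a direct EXECUTE grant on the package,
--   2. EXECUTE_CATALOG_ROLE, granted directly or through nested roles,
--   3. SYSDBA as recorded in the password file.
-- Assumption: DBMS_REPCAT is owned by SYS (the default installation).

SELECT 'direct EXECUTE on DBMS_REPCAT' AS path,
       grantee,
       CAST(NULL AS VARCHAR2(30))      AS via_role
FROM   dba_tab_privs
WHERE  owner      = 'SYS'
AND    table_name = 'DBMS_REPCAT'
AND    privilege  = 'EXECUTE'

UNION ALL

-- Walk the role graph downward: start at rows granting EXECUTE_CATALOG_ROLE,
-- then follow any grantee that is itself a role granted to someone else.
SELECT 'EXECUTE_CATALOG_ROLE (direct or nested)',
       grantee,
       granted_role
FROM   dba_role_privs
START WITH granted_role = 'EXECUTE_CATALOG_ROLE'
CONNECT BY PRIOR grantee = granted_role

UNION ALL

-- Password-file SYSDBA accounts. OS-authenticated members of the OSDBA
-- group do not appear here and must be reviewed at the operating-system level.
SELECT 'SYSDBA (password file)',
       username,
       CAST(NULL AS VARCHAR2(30))
FROM   v$pwfile_users
WHERE  sysdba = 'TRUE'

ORDER BY 1, 2;
```

A grantee in the first result set may itself be a role (or PUBLIC); expand it against DBA_ROLE_PRIVS in the same way before deciding which grants to revoke.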