|
Oracle Database
Buffer overflow
vulnerabilities in
procedure
DBMS_DRS.GET_PROPERTY
(DB03)
Jan 18, 2007 (Updated
July 18th, 2007)
Risk Level: Medium
Affected versions:
Oracle Database Server
versions 9i, 9iR2, 10gR1
and 10gR2
Remote exploitable: Yes
(Authentication to
Database Server is
needed)
Credits:
This vulnerability was
discovered and
researched by Esteban
Martínez Fayó of
Application Security
Inc.
CVE:
CVE-2007-0270
Details:
Oracle Database Server
provides the DBMS_DRS
package that includes
procedures used in
Oracle Data Guard. This
package contains the
function GET_PROPERTY
which is vulnerable to
buffer overflow attacks.
Impact:
Any Oracle database user
with EXECUTE privilege
on the package
SYS.DBMS_DRS can exploit
this vulnerability.
Exploitation of this
vulnerability allows an
attacker to execute
arbitrary code. It can
also be exploited to
cause DOS (Denial of
service) killing Oracle
server process.
Vendor Status:
Vendor was contacted and
a patch was released.
Workaround:
Restrict access to the
SYS.DBMS_DRS package.
Fix:
Apply Oracle Critical
Patch Update July 2007
available at Oracle
Metalink.
Links:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html
http://www.appsecinc.com/resources/alerts/oracle/2007-04.shtml
|
