|
Oracle Database
Buffer overflows and
Denial of service
vulnerabilities in
public procedures of
MDSYS.MD (DB12)
Jan 18, 2007 (Updated
July 18th, 2007)
Risk Level: High
Affected versions:
Oracle Database Server
versions 8i, 9i and
10gR1
Remote exploitable: Yes
(Authentication to
Database Server is
needed)
Credits:
This vulnerability was
discovered and
researched by Esteban
Martínez Fayó of
Application Security
Inc.
CVE:
CVE-2007-0272
Details:
Oracle Database Server
provides the MDSYS.MD
package that is used in
the Oracle Spatial
component. These
packages contain many
public procedures that
are vulnerable to buffer
overflow and denial of
service attacks.
Impact:
By default MDSYS.MD has
EXECUTE permission to
PUBLIC so any Oracle
database user can
exploit this
vulnerability.
Exploitation of this
vulnerability allows an
attacker to execute
arbitrary code. It can
also be exploited to
cause DOS (Denial of
service) killing Oracle
server process.
Vendor Status:
Vendor was contacted and
a patch was released.
Workaround:
Restrict access to the
MDSYS.MD package.
Fix:
Apply Oracle Critical
Patch Update July 2007
available at Oracle
Metalink.
Links:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html
http://www.appsecinc.com/resources/alerts/oracle/2007-05.shtml
|
