In association with heise online

08 November 2007, 13:45

Buffer Overflow in Oracle Database Server

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A vulnerability in Oracle Database Server allows authenticated users to execute arbitrary code on a system with the privileges of the database. Among other things, the flaw can be exploited to manipulate content or conduct further attacks on the underlying operating system. According to iDefense, the cause is a buffer overflow in the procedure XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA, which can be provoked by means of specially crafted OWNER and NAME parameters. When the procedure uses these two parameters to create a SQL query, it unfortunately does not verify their length.

According to the security advisory, attackers do not need any special database privileges to be able to exploit the flaw. On the other hand, a successful attack from a normal account would probably only be possible within a LAN. Version 10 Release 2 is affected, as probably are previous versions. Oracle has been informed of the problem and says it plans to remedy the flaw in an upcoming Critical Patch Update (CPU). There is no workaround. iDefense does not say whether the flaw also affects the latest version 11g.

Database security specialist Alexander Kornbrust writes that an exploit that crashes Oracle is already in circulation. According to his description, only "Create Session" privileges are required for the attack to succeed. However, the security patches from the April 2007 CPU reportedly remedied the problem, so users apparently do not need to wait for the next CPU as iDefense claimed.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit