From: Shatter <shatter@appsecinc.com.>
To: Bugtraq <bugtraq@securityfocus.com.>,
Date: Tue, 3 Feb 2009 12:57:56 -0500
Subject: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in
SYS.OLAPIMPL_T.ODCITABLESTART
Team SHATTER Security Advisory
Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
January 29, 2009
Risk Level:
High
Affected versions:
Oracle Database Server version 9iR2
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc.
Details:
Oracle Database Server provides the SYS.OLAPIMPL_T package. This package contains the procedure ODCITABLESTART, which is vulnerable to buffer overflow attacks.
Impact:
By default, EXECUTE permission on SYS.OLAPIMPL_T is granted to PUBLIC, so any Oracle database user can exploit this vulnerability. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause a denial of service (DoS) by killing the Oracle server process.
Vendor Status:
Vendor was contacted and a patch was released.
Workaround:
Restrict access to the SYS.OLAPIMPL_T package.
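One way to apply this workaround, as an added example that is not part of the original advisory: audit who can execute SYS.OLAPIMPL_T, check what depends on it, revoke the default PUBLIC grant, and verify. It assumes a SQL*Plus session connected AS SYSDBA; OLAP_APP_OWNER is a hypothetical schema name.

```sql
-- Added example (not from the advisory). Run in SQL*Plus connected AS SYSDBA.

-- 1. Confirm the object exists and see how the dictionary classifies it.
SELECT owner, object_name, object_type, status
  FROM dba_objects
 WHERE owner = 'SYS'
   AND object_name = 'OLAPIMPL_T';

-- 2. List every grantee that can currently execute it.
--    A row with GRANTEE = 'PUBLIC' means any authenticated user can reach
--    ODCITABLESTART, which is the default the advisory describes.
SELECT grantee, privilege, grantable, grantor
  FROM dba_tab_privs
 WHERE owner = 'SYS'
   AND table_name = 'OLAPIMPL_T'
 ORDER BY grantee;

-- 3. Find objects outside SYS that depend on it, so the revoke does not
--    silently invalidate application or OLAP code.
SELECT owner, name, type
  FROM dba_dependencies
 WHERE referenced_owner = 'SYS'
   AND referenced_name = 'OLAPIMPL_T'
   AND owner <> 'SYS'
 ORDER BY owner, name;

-- 4. Remove the default grant (skip if step 2 showed no PUBLIC row).
REVOKE EXECUTE ON SYS.OLAPIMPL_T FROM PUBLIC;

-- 5. If step 3 showed schemas that need it, grant back narrowly.
--    OLAP_APP_OWNER is a hypothetical schema name; substitute your own.
-- GRANT EXECUTE ON SYS.OLAPIMPL_T TO OLAP_APP_OWNER;

-- 6. Verify: this must return no rows.
SELECT grantee
  FROM dba_tab_privs
 WHERE owner = 'SYS'
   AND table_name = 'OLAPIMPL_T'
   AND grantee = 'PUBLIC';

-- 7. List anything the revoke left invalid so it can be recompiled.
SELECT owner, object_name, object_type
  FROM dba_objects
 WHERE status = 'INVALID'
 ORDER BY owner, object_name;
```

Any grantee that remains after step 4 can still reach the vulnerable procedure until the January 2009 Critical Patch Update is applied.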
Fix:
Apply Oracle Critical Patch Update January 2009, available at Oracle Metalink.
CVE:
CVE-2008-3974
Links:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html
http://www.appsecinc.com/resources/alerts/oracle/2009-02.shtml
Timeline:
Vendor Notification - 2/22/2005
Fix - 1/13/2009
Public Disclosure - 1/29/2009
Application Security, Inc.'s database security solutions have helped over 1000 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.