[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [Full-disclosure] Team SHATTER Security Advisory: Buffer Overflow
From: Shatter <shatter () appsecinc ! com>
Date: 2009-08-28 15:20:40
Message-ID: BB184445F393D244AEB0312F069BAAB108093448C8 () mxe1 ! nycapt35k ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Team SHATTER Security Advisory
Buffer Overflow in Resource Manager of Oracle Database - Plan name parameter
August 27, 2009
Risk Level:
Medium
Affected versions:
Oracle Database Server version 9iR1 and 9iR2
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
This vulnerability was discovered and researched by Esteban Martínez Fayó of Application \
Security Inc.
Details:
The plan name parameter used in ALTER SYSTEM SET RESOURCE_MANAGER_PLAN statement and in \
SYS.DBMS_RESOURCE_MANAGER.SWITCH_PLAN procedure is vulnerable to buffer overflow attacks. When \
passing an overly long plan name string a buffer can be overflowed.
Impact:
To exploit this vulnerability it is required to have ALTER SYSTEM privilege. Exploitation of \
this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to \
cause DoS (Denial of service) killing the Oracle server process.
Vendor Status:
Vendor was contacted and a patch was released.
Workaround:
Restrict ALTER SYSTEM privilege.
Fix:
Apply Oracle Critical Patch Update July 2009 available at Oracle Metalink.
CVE:
CVE-2009-0979
Links:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html
Timeline:
Vendor Notification - 8/15/2007
Fix - 07/14/2009
Public Disclosure - 08/07/2009
Application Security, Inc's database security solutions have helped over 1,600 organizations \
secure their databases from all internal and external threats while also ensuring that those \
organizations meet or exceed regulatory compliance and audit requirements.
Disclaimer: The information in the advisory is believed to be accurate at the time of \
publishing based on currently available information. Use of the information constitutes \
acceptance for use in an AS IS condition. There are no warranties with regard to this \
information. Neither the author nor the publisher accepts any liability for any direct, \
indirect, or consequential loss or damage arising from use of, or reliance on, this \
information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0
iD8DBQFKl/WO9EOAcmTuFN0RAsAOAJ0cy+JPiZ0vZ2YyMeEpq539Gmu3/gCfVH6N
yK2AcG2SQHNh90hQgkAAgv8=
=alV+
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic