
List:       full-disclosure
Subject:    [Full-disclosure] Team SHATTER Security Advisory: Buffer Overflow
From:       Shatter <shatter () appsecinc ! com>
Date:       2009-08-28 15:20:40
Message-ID: BB184445F393D244AEB0312F069BAAB108093448C8 () mxe1 ! nycapt35k ! com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Team SHATTER Security Advisory

Buffer Overflow in Resource Manager of Oracle Database - Plan name parameter

August 27, 2009

Risk Level:
Medium

Affected versions:
Oracle Database Server version 9iR1 and 9iR2

Remote exploitable:
Yes (Authentication to Database Server is needed)

Credits:
This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc.

Details:
The plan name parameter used in the ALTER SYSTEM SET RESOURCE_MANAGER_PLAN statement and in the SYS.DBMS_RESOURCE_MANAGER.SWITCH_PLAN procedure is vulnerable to a buffer overflow: when an overly long plan name string is passed, a fixed-size buffer in the server process is overflowed.

Impact:
Exploiting this vulnerability requires the ALTER SYSTEM privilege. Successful exploitation allows an attacker to execute arbitrary code in the context of the Oracle server process. It can also be used to cause a denial of service (DoS) by crashing the Oracle server process.

Vendor Status:
Vendor was contacted and a patch was released.

Workaround:
Restrict ALTER SYSTEM privilege.
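The following queries are an added example, not part of the original advisory, showing how a DBA would act on this workaround: find every account that can reach the vulnerable code path (both the ALTER SYSTEM statement and DBMS_RESOURCE_MANAGER.SWITCH_PLAN require the ALTER SYSTEM privilege) and revoke it where it is not needed. They use only the standard data dictionary views DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_USERS; the user name APP_BATCH in the REVOKE statement is a hypothetical placeholder.

```sql
-- Added example (not from the advisory): audit and restrict ALTER SYSTEM
-- on an Oracle 9i database, per the workaround above.

-- 1. Direct grants of ALTER SYSTEM to users, roles, or PUBLIC.
--    A grant to PUBLIC would let every authenticated session reach the
--    vulnerable statement, so check that row first.
SELECT grantee, admin_option
  FROM dba_sys_privs
 WHERE privilege = 'ALTER SYSTEM'
 ORDER BY grantee;

-- 2. Users who hold ALTER SYSTEM indirectly through a role.
--    DBA and similar administrative roles carry the privilege; this
--    resolves one level of role membership, which covers the common case
--    of a user granted DBA. Nested roles need a second pass over
--    DBA_ROLE_PRIVS with the role names returned here.
SELECT DISTINCT drp.grantee AS user_name,
                dsp.grantee AS via_role
  FROM dba_sys_privs dsp
  JOIN dba_role_privs drp
    ON drp.granted_role = dsp.grantee
  JOIN dba_users du
    ON du.username = drp.grantee
 WHERE dsp.privilege = 'ALTER SYSTEM'
 ORDER BY user_name, via_role;

-- 3. Revoke the privilege from accounts that do not need it
--    (APP_BATCH is a hypothetical application account).
REVOKE ALTER SYSTEM FROM app_batch;

-- 4. Confirm the revoke took effect before re-running the audit.
SELECT COUNT(*) AS remaining_direct_grants
  FROM dba_sys_privs
 WHERE privilege = 'ALTER SYSTEM'
   AND grantee = 'APP_BATCH';
```

Run the audit as SYS or a user with SELECT on the DBA_* views. Restricting the privilege reduces exposure but does not remove the overflow; applying the Critical Patch Update named in the Fix section is still required.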

Fix:
Apply Oracle Critical Patch Update July 2009 available at Oracle Metalink.

CVE:
CVE-2009-0979

Links:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html

Timeline:
Vendor Notification - 08/15/2007
Fix - 07/14/2009
Public Disclosure - 08/07/2009

Application Security, Inc's database security solutions have helped over 1,600 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0

iD8DBQFKl/WO9EOAcmTuFN0RAsAOAJ0cy+JPiZ0vZ2YyMeEpq539Gmu3/gCfVH6N
yK2AcG2SQHNh90hQgkAAgv8=
=alV+
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

