Oracle Database Command Line Buffer Overflow Lets Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1007956 |
|
SecurityTracker URL: http://securitytracker.com/id/1007956
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Oct 18 2003
|
Impact:
Execution of arbitrary code via local system, User access via local system
|
Exploit Included: Yes
|
Version(s): 9.2.0.4.0
|
Description:
A buffer overflow vulnerability was reported in the Oracle database. A local user can execute arbitrary code to gain elevated privileges on the target system.
c0ntex reported that a local user can pass a large input string to the database to trigger a buffer overflow and overwrite the EIP register to execute arbitrary code.
It is reported that the 'oracle' and 'oracleO' binaries are affected. Because the binaries are reportedly configured with set user id (setuid) 'oracle' user privileges, the arbitrary code will run with the privileges of the 'oracle' user.
The report indicates that Release 2 Patch Set 3 Ver 9.2.0.4.0 is vulnerable on Linux and AIX.
A demonstration exploit is available at:
http://packetstormsecurity.nl/0310-exploits/oracle_ownage.c
The vendor has reportedly been notified.
|
Impact:
A local user can execute arbitrary code with 'oracle' user privileges.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.oracle.com/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64)
|
Underlying OS Comments: Confirmed on Red Hat Linux and AIX
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
