SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Database)  >   Oracle Database Vendors:   Oracle
Oracle Database Command Line Buffer Overflow Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1007956
SecurityTracker URL:  http://securitytracker.com/id/1007956
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 18 2003
Impact:   Execution of arbitrary code via local system, User access via local system
Exploit Included:  Yes  
Version(s): 9.2.0.4.0
Description:   A buffer overflow vulnerability was reported in the Oracle database. A local user can execute arbitrary code to gain elevated privileges on the target system.

c0ntex reported that a local user can pass a large input string to the database to trigger a buffer overflow and overwrite the EIP register to execute arbitrary code.

It is reported that the 'oracle' and 'oracleO' binaries are affected. Because the binaries are reportedly configured with set user id (setuid) 'oracle' user privileges, the arbitrary code will run with the privileges of the 'oracle' user.

The report indicates that Release 2 Patch Set 3 Ver 9.2.0.4.0 is vulnerable on Linux and AIX.

A demonstration exploit is available at:

http://packetstormsecurity.nl/0310-exploits/oracle_ownage.c

The vendor has reportedly been notified.

Impact:   A local user can execute arbitrary code with 'oracle' user privileges.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.oracle.com/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64)
Underlying OS Comments:  Confirmed on Red Hat Linux and AIX

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 20 2003 (Vendor Describes Workaround) Re: Oracle Database Command Line Buffer Overflow Lets Local Users Gain Elevated Privileges
Oracle has described a workaround while a patch is pending.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC