OSVDB ID: 40300

Title: Oracle Database XML DB XDB.XDB_PITRIG_PKG Package PITRIG_TRUNCATE Function Overflow

Info

Disclosure

Jan 16, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Commercial
Disclosure: Vendor Verified
OSVDB: Authentication Required

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch to address this vulnerability.

Products

Unknown or Incomplete

References

Security Tracker: 1019218
CVE ID: 2008-0339 (see also: NVD)
Bugtraq ID: 27229
Secunia Advisory ID: 28518 28556
Related OSVDB ID: 40279 40280 40281 40282 40283 40284 40285 40286 40287 40288 40289 40290 40293 40294 40295 40296 40297 40298 40301 40302 40303 40304 40305 40306 41689
VUPEN Advisory: ADV-2008-0150
Other Advisory URL: http://dsecrg.com/pages/vul/show.php?id=19
http://www.us-cert.gov/cas/techalerts/TA08-017A.html
http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=c00727143
News Article: http://www.infoworld.com/article/08/01/10/Oracle-to-ship-critical-security-patches_1.html
http://www.techworld.com/security/news/index.cfm?newsID=11100
Vendor Specific Advisory URL: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html
Generic Exploit URL: http://www.saintcorporation.com/cgi-bin/exploit_info/oracle_xdb_pitrig_truncate
CERT: TA08-017A

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/40300