OSVDB ID: 9867

Title: Oracle MD2 Package Multiple Procedure Overflow

Info

Disclosure
Aug 31, 2004

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Unknown

Description

 A remote overflow exists in Oracle Database Server MD2 package. The package fails to properly sanitize user input supplied to the LAYER parameter which is passed to the SDO_CODE_SIZE procedure or VALIDATE_GEOM procedure resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code or crash the server resulting in a loss of integrity or availability.

Classification

 Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Solution: Patch / RCS
Exploit: Exploit Commercial
Disclosure: OSVDB Verified, Vendor Verified

Solution

 Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch to address this vulnerability: 9i Patchset 4 (9.2.0.5) 10g (10.1.0.2) Patch 2

Products

Oracle Corporation

Database Server

 R2 9.2.0.4
R1 9.0.1.4
R1 9.0.1.5
R2 9.2.0.5
R1 9.0.4
R3 8.1.7.4

Database 10g

 R1 10.1.0.2

References

Credit
  • Esteban Martinez Fayo - infoappsecinc.com - Application Security, Inc.


Direct URL: http://osvdb.org/9867