Info

Disclosure

Aug 31, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in Oracle Database Server. The server fails to properly sanitize user input supplied to the first or second parameter of the SYSTIMESTAMP function resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code or crash the server resulting in a loss of integrity or availability.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Commercial
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch to address this vulnerability: 9ir2 Patchset 4 (9.2.0.5) Patch 2 10g Release 1

Products

Oracle Corporation	Database Server	R2 9.2.0.4
		R1 9.0.1.4
		R1 9.0.1.5
		R2 9.2.0.5
		R1 9.0.4
		R3 8.1.7.4
	Oracle 10g	R1 10.1.0.2

References

Bugtraq ID: 10871
Secunia Advisory ID: 12409
Keyword: AppSec Issue 18
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0041.html
Other Advisory URL: http://www.appsecinc.com/resources/alerts/oracle/2004-0001/
http://www.appsecinc.com/resources/alerts/oracle/2004-0001/18.html
Generic Informational URL: http://www.computerworld.com/securitytopics/security/story/0,10801,95013,00.html
Vendor URL: http://www.oracle.com/
Vendor Specific Advisory URL: http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
Generic Exploit URL: http://www.saintcorporation.com/cgi-bin/exploit_info/oracle_string_conversion
CIAC Advisory: o-209
US-CERT Cyber Security Alert: TA04-245A

Credit

Cesar Cerrudo -

Direct URL: http://osvdb.org/9890

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Oracle Corporation

Database Server

Oracle 10g

References

Credit