[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i
- To: <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: [Full-Disclosure] Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i
- From: "Kornbrust, Alexander" <ak@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 5 Sep 2004 22:38:46 +0200
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><HTML
DIR=ltr><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html;
charset=iso-8859-1"></HEAD><BODY><DIV><FONT face='Arial' color=#000000 size=2>
<DIV><FONT face=Arial color=#000000 size=2>
<DIV><FONT face=Arial color=#000000 size=2><A
href="http://www.red-database-security.com/advisory/advisory_20040903_3.htm";>http://www.red-database-security.com/advisory/advisory_20040903_3.htm</A></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#000000
size=2>###############################################################</FONT></DIV>
<DIV>RDS_20040903_2 - Red-Database-Security GmbH Research Advisory </DIV>
<DIV><BR>Name
Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i<BR>Systems
Affected Oracle 8i - Oracle9i (all
platforms)<BR>Severity
Medium
Risk<BR>Category
Buffer Overflow/Denial of Service (Database Crash)<BR>Vendor
URL <A
href="http://www.oracle.com";>http://www.oracle.com</A><BR>Author
Alexander Kornbrust (ak at
red-database-security.com)<BR>Date
3 Sep 2004 (V 1.0)<BR>Advisory number
RDS_200400903_3</DIV>
<DIV> </DIV>
<DIV>Description<BR>###########<BR>Buffer Overflow in DBMS_SYSTEM.KSDWRT() in
Oracle8i - 9i.</DIV>
<DIV> </DIV>
<DIV>Details<BR>#######<BR>An Oracle user with the permission to execute the
dbms_system package can crash <BR>the entire database by using a specially
crafted parameter for the function KSDWRT(). <BR>By default only DBA
users
have access to this package. </DIV>
<DIV>It is possible sometimes for application developers or the application
itself to <BR>have access to this package for writing messages into the
alert.log. </DIV>
<DIV>(Details how to use this package are published on OTN. <BR><A
href="http://otn.oracle.com/oramag/code/tips2003/011203.html";>http://otn.oracle.com/oramag/code/tips2003/011203.html</A>)</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>Workarounds<BR>###########<BR>Revoke grants from dbms_system. </DIV>
<DIV> </DIV>
<DIV><BR>Patch Information<BR>#################<BR>Please see MetaLink Document
ID 281189.1 for the patch download procedures <BR>and for the Patch
Availability
Matrix for this Oracle Security Alert.</DIV>
<DIV><A
href="http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=281189.1";>http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=281189.1</A></DIV>
<DIV> </DIV>
<DIV>History:<BR>########<BR>24 July
2003 Oracle was informed <BR>24
July 2003 Bug confirmed<BR>31
August 2004 Oracle published alert 68</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV><BR>About Red-Database-Security
GmbH<BR>#################################<BR>Red-Database-Security GmbH is a
specialist in Oracle Security. </DIV>
<DIV><BR><A
href="http://www.red-database-security.com/";>http://www.red-database-security.com/</A></DIV>
<DIV><BR> </DIV></FONT></DIV></FONT></DIV></BODY></HTML>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html