[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Buffer Overflow in SYS_CONTEXT() in Oracle 9i Rel.2
- To: <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: [Full-Disclosure] Buffer Overflow in SYS_CONTEXT() in Oracle 9i Rel.2
- From: "Kornbrust, Alexander" <ak@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 5 Sep 2004 22:38:51 +0200
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><HTML
DIR=ltr><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html;
charset=iso-8859-1"></HEAD><BODY>
<DIV><FONT face=Arial color=#000000 size=2>
<DIV><FONT face=Arial color=#000000 size=2>
<DIV><FONT face=Arial color=#000000 size=2><A
href="http://www.red-database-security.com/advisory/advisory_20040903_2.htm";>http://www.red-database-security.com/advisory/advisory_20040903_2.htm</A></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#000000
size=2>###############################################################</FONT></DIV></FONT></DIV>
<DIV><FONT face=Arial color=#000000 size=2>RDS_20040903_2 -
Red-Database-Security GmbH Research Advisory </FONT></DIV><FONT face=Arial
color=#000000 size=2>
<DIV><BR>Name
Buffer Overflow in SYS_CONTEXT() in Oracle 9i Rel.2<BR>Systems
Affected Oracle9i Rel. 2 (Windows platform
only)<BR>Severity
Medium
Risk<BR>Category
Buffer Overflow<BR>Vendor
URL <A
href="http://www.oracle.com";>http://www.oracle.com</A><BR>Author
Alexander Kornbrust (ak at
red-database-security.com)<BR>Date
3 Sep 2004 (V 1.0)<BR>Advisory number
RDS_200400903_2</DIV>
<DIV> </DIV>
<DIV>Description<BR>###########<BR>Buffer Overflow in SYS_CONTEXT() in Oracle
9i
Rel.2.</DIV>
<DIV> </DIV>
<DIV>Details<BR>#######<BR>Any valid database user with the possibility to run
SQL commands (e.g. via SQL*Plus), <BR>can create a buffer overflow by abusing
the SYS_CONTEXT()-function. <BR>This vulnerability affects only the windows
versions of Oracle 9i Rel. 2 (9.2.0.0 - 9.2.0.4). </DIV>
<DIV>Oracle 9i Rel. 1 or Oracle 10g are NOT affected.</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>Workarounds<BR>###########<BR>No workarounds available.</DIV>
<DIV> </DIV>
<DIV><BR>Patch Information<BR>#################<BR>Please see MetaLink Document
ID 281189.1 for the patch download procedures and for <BR>the Patch
Availability
Matrix for this Oracle Security Alert.</DIV>
<DIV><A
href="http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=281189.1";>http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=281189.1</A></DIV>
<DIV> </DIV>
<DIV>History:<BR>########<BR>2 September 2003 Oracle was informed <BR>2
September 2003 Bug confirmed<BR>31 August
2004 Oracle published alert 68</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>About Red-Database-Security
GmbH<BR>#################################<BR>Red-Database-Security GmbH is a
specialist in Oracle Security. </DIV>
<DIV><BR><A
href="http://www.red-database-security.com/";>http://www.red-database-security.com/</A></DIV>
<DIV><BR></FONT><FONT face="Times New Roman"
size=3> </FONT></DIV></FONT></DIV><DIV><FONT face='Arial' color=#000000
size=2></FONT> </DIV></BODY></HTML>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html