Oracle Reports Server Buffer Overflow (#NISR12062002B)

From: NGSSoftware Insight Security Research (nisrat_private)
Date: Wed Jun 12 2002 - 07:09:22 PDT


    NGSSoftware Insight Security Research Advisory
    
    Name: Oracle 9iAS Reports Server
    Systems: All
    Severity: High Risk
    Category: Remote Buffer Overrun Vulnerability
    Vendor URL: http://www.oracle.com/
    Author: David Litchfield (davidat_private)
    Advisory URL: http://www.ngssoftware.com/advisories/orarep.txt
    Date: 12th June 2002
    Advisory number: #NISR12062002B
    (VNA Reference: http://www.nextgenss.com/vna/ora-reports.txt )
    
    Description
    ***********
    Oracle's Report Server contains a remotely exploitable buffer overrun
    vulnerability in one of its CGI based programs.
    
    Details
    *******
    By supplying an overly long database name parameter to rwcgi60 with the
    setauth method, a remote attacker can overwrite a saved return address on
    the stack, gaining control over the process's execution.
    
    Any exploit code supplied by the attacker will run in the security context
    of the account the web server is running as. Normally, on platforms running
    a Unix variant, the account has limited privileges; however, on Windows-based
    systems the web server, by default, runs in the context of the local SYSTEM
    account.
    
    Fix Information
    ***************
    NGSSoftware alerted Oracle to this problem on December the 17th 2001 and
    Oracle have now released patches which are available from the Metalink site.
    The patch number is 2356680.
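
A log check for the request pattern described under Details, added here as an example and not part of the NGSSoftware advisory or any Oracle tooling. It assumes Common/Combined Log Format access logs; the 256-character threshold, the URL layout and the `db` parameter name in the sample lines are constructed placeholders, since the advisory does not give them.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

MAX_FIELD_LEN = 256  # assumed threshold; set it above the longest legitimate value

# Request portion of a Common/Combined Log Format line (assumed log format).
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def targets_setauth(target):
    """True when the decoded request target names both rwcgi60 and setauth."""
    decoded = unquote(target).lower()
    return "rwcgi60" in decoded and "setauth" in decoded

def longest_field(target):
    """Return (name, length) for the longest query name or value in the target."""
    best = ("", 0)
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        size = max(len(name), len(value))
        if size > best[1]:
            best = (name[:32], size)  # truncate the name so reports stay readable
    return best

def scan(lines, limit=MAX_FIELD_LEN):
    """Flag rwcgi60 setauth requests whose longest query field exceeds limit."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.match(line)
        if not match or not targets_setauth(match["target"]):
            continue
        name, size = longest_field(match["target"])
        if size > limit:
            findings.append({"line": number, "client": match["client"],
                             "param": name, "length": size,
                             "status": int(match["status"])})
    return findings

# Constructed sample log; the URL layout and the "db" parameter name are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jun/2002:07:09:22 -0700] "GET /cgi-bin/rwcgi60/setauth?db=orcl HTTP/1.0" 200 512',
    '192.0.2.66 - - [12/Jun/2002:07:10:01 -0700] "GET /cgi-bin/rwcgi60/setauth?db=' + "x" * 600 + ' HTTP/1.0" 500 0',
    '192.0.2.10 - - [12/Jun/2002:07:11:40 -0700] "GET /cgi-bin/other?q=' + "x" * 600 + ' HTTP/1.0" 200 90',
    '192.0.2.66 - - [12/Jun/2002:07:12:05 -0700] "GET /cgi-bin/RWCGI60/SetAuth?db=' + "x" * 400 + ' HTTP/1.0" 500 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs record only the request line, so parameters sent in a POST body are not covered by this check; those need inspection at a proxy or in the web server itself.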
    


