NGSSoftware Insight Security Research Advisory Name: Oracle 10g/9i wrapped procedure buffer overflow Systems Affected: Oracle 10g/9i on all operating systems Severity: High risk Vendor URL: http://www.oracle.com/ Author: David Litchfield [ davidl at ngssoftware.com ] Relates to: http://www.nextgenss.com/advisories/oracle-01.txt Date of Public Advisory: 23rd December 2004 Advisory number: #NISR2122004J Advisory URL: http://www.ngssoftware.com/advisories/oracle23122004J.txt Description *********** The code for PL/SQL procedures can be encrypted or "wrapped" to use the Oracle term. When a wrapped procedure is created a buffer overflow vulnerability can be triggered. Details ******* By placing an overly token in the text of a procedure that has been wrapped with version 9 and stack based buffer is overflowed in the Oracle server when the procedure is created. Exploitation of this allows an attacker to run code as the Oracle user. Fix Information *************** A patch (#68) was released for this problem by Oracle. See http://metalink.oracle.com/ for more details. NGSSQuirreL for Oracle (http://www.nextgenss.com/squirrelora.htm), can be used to assess whether your Oracle servers are vulnerable to this. About NGSSoftware ***************** NGSSoftware design, research and develop intelligent, advanced application security assessment scanners. Based in the United Kingdom, NGSSoftware have offices in the South of London and the East Coast of Scotland. NGSSoftware's sister company NGSConsulting, offers best of breed security consulting services, specialising in application, host and network security assessments. http://www.ngssoftware.com/ Telephone +44 208 401 0070 Fax +44 208 401 0076 enquiries@private
This archive was generated by hypermail 2.1.3 : Thu Dec 23 2004 - 18:25:14 PST