Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=622
Vulnerable Systems:
* Oracle Database 10g Release 2 with all Critical Patch Updates as of February 2007
The XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure takes two arguments, OWNER and NAME. The lengths of these arguments are used by an internal function to construct an SQL query without being adequately sanitized. If the combined length of the two fields is too large, a buffer overflow occurs, allowing arbitrary code execution.
Analysis:
Exploitation of this vulnerability allows an authenticated remote user to execute code on the underlying system in the context of the database account. Other than access to execute the vulnerable function, this vulnerability does not require any special privileges. From the database user account, an attacker can then access or modify the database and files related to its operation.
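Because the only precondition is the ability to execute the package, the exposure on a given database is the set of accounts that can call it. The following query is an added example, not part of the original advisory; it assumes access to the standard Oracle dictionary views DBA_TAB_PRIVS, DBA_ROLE_PRIVS and DBA_SYS_PRIVS.

```sql
-- Added example (not from the advisory). Run as a user who can read the DBA_* views.
-- A grantee of PUBLIC in the output means every database account can call the package.

-- 1. Direct EXECUTE grants on the package (to users, roles or PUBLIC)
SELECT grantee, 'direct grant' AS access_path
FROM   dba_tab_privs
WHERE  owner      = 'XDB'
AND    table_name = 'XDB_PITRIG_PKG'
AND    privilege  = 'EXECUTE'
UNION
-- 2. Users and roles that inherit such a grant through (possibly nested) roles
SELECT grantee, 'via role'
FROM   dba_role_privs
START WITH granted_role IN (
           SELECT grantee
           FROM   dba_tab_privs
           WHERE  owner      = 'XDB'
           AND    table_name = 'XDB_PITRIG_PKG'
           AND    privilege  = 'EXECUTE')
CONNECT BY PRIOR grantee = granted_role
UNION
-- 3. Holders of the EXECUTE ANY PROCEDURE system privilege
SELECT grantee, 'EXECUTE ANY PROCEDURE'
FROM   dba_sys_privs
WHERE  privilege = 'EXECUTE ANY PROCEDURE'
UNION
-- 4. Users and roles that inherit EXECUTE ANY PROCEDURE through roles
SELECT grantee, 'EXECUTE ANY PROCEDURE via role'
FROM   dba_role_privs
START WITH granted_role IN (
           SELECT grantee
           FROM   dba_sys_privs
           WHERE  privilege = 'EXECUTE ANY PROCEDURE')
CONNECT BY PRIOR grantee = granted_role
ORDER BY 2, 1;
```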
Vendor response:
Oracle Corp. has been contacted and stated the following.
"Tracking #: 9219583
Description: BUFFER OVERFLOW IN XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA
Status: Issue fixed in main codeline, scheduled for a future CPU"
CVE Information:
CVE-2007-4517
Disclosure timeline:
02/01/2007 - Initial vendor notification
02/01/2007 - Initial vendor response
11/07/2007 - Public disclosure