CVE-2009-0979

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2009-0979 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by Esteban Mart nez Fay .

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2009-0979

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Oracle Database Server version 9iR1 and 9iR2

The plan name parameter used in ALTER SYSTEM SET RESOURCE_MANAGER_PLAN statement and in SYS.DBMS_RESOURCE_MANAGER.SWITCH_PLAN procedure is vulnerable to buffer overflow attacks. When passing an overly long plan name string a buffer can be overflowed.

Workaround
Restrict ALTER SYSTEM privilege.

Patch Availability:
Apply Oracle Critical Patch Update July 2009 available here:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html

CVE Information:
CVE-2009-0979

Disclosure Timeline:
8/15/2007 - Vendor Notification
07/14/2009 - Fix
08/07/2009 - Public Disclosure

--------------------------------------------------------------------------------------------------------------------------------
Find out how to use a SQL injection vulnerability scanner.

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus