[Full-Disclosure] Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i

Sun, 05 Sep 2004 14:58:51 -0700

 
###############################################################
RDS_20040903_2 - Red-Database-Security GmbH Research Advisory

Name                    Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i
Systems Affected   Oracle 8i - Oracle9i (all platforms)
Severity                  Medium Risk
Category                Buffer Overflow/Denial of Service (Database Crash)
Vendor URL           http://www.oracle.com
Author                   Alexander Kornbrust (ak at red-database-security.com)
Date                      3 Sep 2004  (V 1.0)
Advisory number     RDS_200400903_3
 
Description
###########
Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i.
 
Details
#######
An Oracle user with the permission to execute the dbms_system package can crash
the entire database by using a specially crafted parameter for the function KSDWRT(). 
By default only DBA users have access to this package.
It is possible sometimes for application developers or the application itself to
have access to this package for writing messages into the alert.log.
(Details how to use this package are published on OTN.
http://otn.oracle.com/oramag/code/tips2003/011203.html)
 
 
Workarounds
###########
Revoke grants from dbms_system.
 

Patch Information
#################
Please see MetaLink Document ID 281189.1 for the patch download procedures
and for the Patch Availability Matrix for this Oracle Security Alert.
 
History:
########
24 July 2003         Oracle was informed
24 July 2003         Bug confirmed
31 August 2004    Oracle published alert 68
 
 

About Red-Database-Security GmbH
#################################
Red-Database-Security GmbH is a specialist in Oracle Security.

 
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

Reply via email to