Oracle Database MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow Vulnerability
BID:13145
Info
| Bugtraq ID: | 13145 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2005 12:00AM |
| Updated: | Apr 13 2005 12:00AM |
| Credit: | This issue was reported by Esteban Martinez Fayo <[email protected]>. |
| Vulnerable: | Oracle Oracle10g Standard Edition 10.1.0.2; Oracle Oracle10g Personal Edition 10.1.0.2; Oracle Oracle10g Enterprise Edition 10.1.0.2; Oracle Oracle10g Application Server 10.1.0.2 |
| Not Vulnerable: | |
Discussion
Oracle Database is reported prone to a buffer overflow vulnerability.
Reportedly, this issue affects the 'MDSYS.MD2.SDO_CODE_SIZE' procedure. An attacker can supply excessive data to the affected routine, overflowing a destination buffer. This issue can be leveraged to execute arbitrary code and gain 'SYSDBA' privileges.
It is conjectured that authentication is required to carry out an attack.
This BID will be updated when more information is available.
Exploit / POC
Proof of concept code is available:
Solution / Fix
Solution:
It is reported that this issue has been addressed by Oracle. This cannot be confirmed at the moment. Please see the referenced Oracle advisory and contact the vendor for more information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Critical Patch Update - April 2005 (Oracle)
- Oracle Homepage (Oracle)