Oracle Database Server PITRIG_DROPMETADATA Remote Buffer Overflow Vulnerability
BID:26374
Info
Oracle Database Server PITRIG_DROPMETADATA Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 26374 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-4517 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 07 2007 12:00AM |
| Updated: | Nov 15 2011 12:47AM |
| Credit: | The discoverer of this issue wishes to remain anonymous. |
| Vulnerable: |
Oracle Oracle10g Standard Edition 10.2 .3 Oracle Oracle10g Standard Edition 10.2 .2 Oracle Oracle10g Standard Edition 10.2 .1 Oracle Oracle10g Personal Edition 10.2 .3 Oracle Oracle10g Personal Edition 10.2 .2 Oracle Oracle10g Personal Edition 10.2 .1 Oracle Oracle10g Enterprise Edition 10.2 .3 Oracle Oracle10g Enterprise Edition 10.2 .2 Oracle Oracle10g Enterprise Edition 10.2 .1 |
| Not Vulnerable: | |
Discussion
Oracle Database Server PITRIG_DROPMETADATA Remote Buffer Overflow Vulnerability
Oracle Database Server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An authenticated attacker can exploit this issue to execute arbitrary code within the context of the database account. Failed exploit attempts will result in a denial of service.
Oracle Database Server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An authenticated attacker can exploit this issue to execute arbitrary code within the context of the database account. Failed exploit attempts will result in a denial of service.
Exploit / POC
Oracle Database Server PITRIG_DROPMETADATA Remote Buffer Overflow Vulnerability
The following proof of concept and exploit code is available:
The following proof of concept and exploit code is available:
Solution / Fix
Oracle Database Server PITRIG_DROPMETADATA Remote Buffer Overflow Vulnerability
Solution:
The vendor is developing a fix to address this issue in a future release. Please see the references for more information.
Solution:
The vendor is developing a fix to address this issue in a future release. Please see the references for more information.
References
Oracle Database Server PITRIG_DROPMETADATA Remote Buffer Overflow Vulnerability
References:
References:
- Oracle Homepage (Oracle)
- Oracle 10g R2 PITRIG_DROPMETADATA Buffer Overflow Vulnerability (iDefense Labs
) - Oracle 10g R2 PITRIG_DROPMETADATA Buffer Overflow Vulnerability (iDefense Labs)