Team SHATTER Security Advisory: Buffer Overflow in Resource Manager of Oracle Database - Plan name parameter
Team SHATTER Security Advisory
Buffer Overflow in Resource Manager of Oracle Database - Plan name parameter
August 27, 2009
Oracle Database Server version 9iR1 and 9iR2
Yes (Authentication to Database Server is needed)
This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc.
The plan name parameter used in the ALTER SYSTEM SET RESOURCE_MANAGER_PLAN statement and in the SYS.DBMS_RESOURCE_MANAGER.SWITCH_PLAN procedure is vulnerable to buffer overflow attacks. When an overly long plan name string is passed, a buffer can be overflowed.
Exploiting this vulnerability requires the ALTER SYSTEM privilege. Exploitation allows an attacker to execute arbitrary code. It can also be exploited to cause a denial of service (DoS) by killing the Oracle server process.
Vendor was contacted and a patch was released.
Restrict ALTER SYSTEM privilege.
Apply Oracle Critical Patch Update July 2009 available at Oracle Metalink.
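The workaround above (restricting the ALTER SYSTEM privilege), as an added example that is not part of the original advisory: Oracle SQL a DBA can run to list who holds the privilege directly or through role grants, then revoke and audit it. The grantee name APP_OWNER is hypothetical.

```sql
-- Added example, not from the advisory. Run as a DBA.
-- Views used: DBA_SYS_PRIVS, DBA_ROLE_PRIVS, DBA_USERS.

-- 1. Grantees (users or roles) that hold ALTER SYSTEM directly.
--    A row with grantee PUBLIC means every account has the privilege.
SELECT grantee, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'ALTER SYSTEM'
ORDER  BY grantee;

-- 2. Accounts that inherit ALTER SYSTEM through a chain of role grants.
--    CONNECT BY starts at each role holding the privilege and walks
--    down to every grantee of that role, including nested roles.
SELECT u.username, u.account_status
FROM   dba_users u
WHERE  u.username IN (
         SELECT grantee
         FROM   dba_role_privs
         START  WITH granted_role IN (SELECT grantee
                                      FROM   dba_sys_privs
                                      WHERE  privilege = 'ALTER SYSTEM')
         CONNECT BY PRIOR grantee = granted_role)
ORDER  BY u.username;

-- 3. Revoke the privilege where it is not required.
--    APP_OWNER is a hypothetical grantee taken from the results above.
REVOKE ALTER SYSTEM FROM app_owner;

-- 4. Record remaining uses of ALTER SYSTEM in the audit trail
--    (the AUDIT_TRAIL initialization parameter must be enabled).
AUDIT ALTER SYSTEM BY ACCESS;
```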
Vendor Notification - 8/15/2007
Fix - 07/14/2009
Public Disclosure - 08/07/2009
Application Security, Inc.'s database security solutions have helped over 1,600 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.