Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i – 9i
Name Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i
Systems Affected Oracle 8i - Oracle9i (all platforms)
Severity Medium Risk
Category Denial of Service (Database Crash)
Vendor URL http://www.oracle.com
Author Alexander Kornbrust (ak at red-database-security.com)
Date 15 Apr 2005 (V 1.01)
Advisory RDS_20040903_3
Details
An Oracle user with the permission to execute the dbms_system package can crash the entire database by using a specially crafted parameter for the function KSDWRT(). By default only DBA users have access to this package.
It is possible sometimes for application developers or the application itself to have access to this package for writing messages into the alert.log. (Details how to use this package are published on OTN. http://otn.oracle.com/oramag/code/tips2003/011203.html)
Workarounds
Revoke grants from dbms_system.
Patch Information
Please see MetaLink Document ID 281189.1 for the patch download procedures and for the Patch Availability Matrix for this Oracle Security Alert.
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=281189.1
History:
24 July 2003 Oracle was informed
24 July 2003 Bug confirmed
31 August 2004 Oracle published alert 68
References:
http://www.idefense.com/application/poi/display?id=135&type=vulnerabilities&flashstatus=false
http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html
http://www.securityfocus.com/bid/11100
http://www.iss.net/security_center/search.php?type=2&pattern=oracle-dbmssystem-bo(17254)
http://xforce.iss.net/xforce/xfdb/17254
About Red-Database-Security GmbH
Red-Database-Security GmbH is a specialist in Oracle Security.
http://www.red-database-security.com/
info@red-database-security.com
(c) 2004 by
Red-Database-Security GmbH