Logo Red-Database-Security GmbH 


Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i – 9i

Name                          Buffer Overflow in DBMS_SYSTEM.KSDWRT()  in Oracle8i - 9i
Systems Affected      Oracle 8i - Oracle9i (all platforms)
Severity                      Medium Risk
Category                     Denial of Service (Database Crash)
Vendor URL              http://www.oracle.com
Author                        Alexander Kornbrust (ak at red-database-security.com)
Date                            15 Apr 2005 (V 1.01)
Advisory                    RDS_20040903_3

Details

An Oracle user with the permission to execute the dbms_system package can crash the entire database by using a specially crafted parameter for the function KSDWRT().  By default only DBA users have access to this package.

It is possible sometimes for application developers or the application itself to have access to this package for writing messages into the alert.log. (Details how to use this package are published on OTN. http://otn.oracle.com/oramag/code/tips2003/011203.html)

Workarounds

Revoke grants from dbms_system.

Patch Information

Please see MetaLink Document ID 281189.1 for the patch download procedures and for the Patch Availability Matrix for this Oracle Security Alert.


http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=281189.1

History:

24 July 2003                           Oracle was informed
24 July 2003                           Bug confirmed
31 August 2004                      Oracle published alert 68

References:

http://www.idefense.com/application/poi/display?id=135&type=vulnerabilities&flashstatus=false
http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html
http://www.securityfocus.com/bid/11100
http://www.iss.net/security_center/search.php?type=2&pattern=oracle-dbmssystem-bo(17254)
http://xforce.iss.net/xforce/xfdb/17254

About Red-Database-Security GmbH

Red-Database-Security GmbH is a specialist in Oracle Security.

http://www.red-database-security.com/

info@red-database-security.com

(c) 2004 by Red-Database-Security GmbH