Red-Database-Security GmbH is specialized in Oracle Security

Products
Repscan 2.5
Hedgehog Enterprise
Checkpwd (free)

Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published AlertsRSS Published Alerts
Upcoming AlertsRSS Published Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap


Search



Search Red-Database-Security
Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i

Name Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i
Systems Affected Oracle 8i - Oracle9i (all platforms)
Severity Medium Risk
Category Denial of Service (Database Crash)
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Advisory 25 Apr 2005 (V 1.01)
Bugno RDS_20040903_3
Time to fix 404 days


Details
An Oracle user with the permission to execute the dbms_system package can crash the entire database by using a specially crafted parameter for the function dbms_system . KSDWRT(). By default only DBA users have access to this package.

It is possible sometimes for application developers or the application itself to have access to this package for writing messages into the alert.log.

(Details how to use this package are published on OTN).


Workarounds
Revoke grants from dbms_system.


Example
execute sys.dbms_system.ksdwrt(2,'!!!!... (1512 exclamation marks)');

Patch Information
Please see MetaLink document ID 281189.1 for the patch download procedures and for the Patch Availability Matrix for this Oracle Security Alert.

[metalink.oracle.com]

History
24-jul-2003 Oracle secalert was informed
24-jul-2003 Bug confirmed
31-aug-2004 Oracle published alert 68
25-apr-2005 Example and time to fix added


2005 by Red-Database-Security GmbH - last update 03-nov-2005

Oracle Workflow

Oracle Workflow is a complete business process management solution embedded in the Oracle database.

Its technology enables modeling, automation, and continuous improvement of business processes, routing information of any type according to user-defined business rules.

Oracle Workflow provides customers a scalable, production workflow system tuned for the high volumes associated with enterprise applications.