Buffer Overflow in DBMS_REPCAT_RGT in Oracle 9i
| Name | Buffer Overflow Oracle DBMS_REPCAT_RGT in Oracle 9i (up to 9.2.0.4) |
| Systems Affected | Oracle 9i |
| Severity | Medium Risk |
| Category | Buffer Overflow |
| Vendor URL | http://www.oracle.com/ |
| Credit | Esteban Martinez Fayo (<argeniss>dot<com>) |
| Exploit | http://www.appsecinc.com |
| Date | 10 May 2005 (V 1.00) |
Details
Buffer overflow in the DBMS_REPCAT_RGT package. EXECUTE permission on this package is granted to SYSDBA or EXECUTE_CATALOG_ROLE. Members of these groups can exploit this vulnerability to crash the database or execute arbitrary code.
Example
SELECT DBMS_REPCAT_RGT.INSTANTIATE_OFFLINE ('longstring', '', '') FROM Dual;
SELECT DBMS_REPCAT_RGT.INSTANTIATE_ONLINE ('some_refresh_template_name', '', 'longstring') FROM Dual;
BEGIN
DBMS_REPCAT_RGT.DROP_SITE_INSTANTIATION ('longstring', '', '');
END;
Patch Information
Apply the latest Oracle Security patches (e.g. CPU October 2004 or at least alert 68).
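To see which accounts can actually reach the package described under Details, the following audit queries are an added example (not part of the original advisory). They assume a DBA session with access to the DBA_* dictionary views and V$VERSION, and use only standard Oracle dictionary columns.

```sql
-- Added example: exposure audit for DBMS_REPCAT_RGT (run as a DBA).

-- 1. Version banner, to compare against the affected range
--    stated in the advisory (Oracle 9i up to 9.2.0.4).
SELECT banner FROM v$version;

-- 2. Direct grantees of EXECUTE on the package.
--    A row with grantee = 'PUBLIC' would mean every account is exposed.
SELECT grantee, owner, table_name, privilege, grantable
  FROM dba_tab_privs
 WHERE table_name = 'DBMS_REPCAT_RGT'
   AND privilege  = 'EXECUTE'
 ORDER BY grantee;

-- 3. Accounts that inherit the privilege through a role chain,
--    e.g. a user holding a role that in turn holds EXECUTE_CATALOG_ROLE.
--    The hierarchy starts at every role found in query 2 and walks
--    upward to whoever has been granted that role.
SELECT u.username, u.account_status
  FROM dba_users u
 WHERE u.username IN (
         SELECT rp.grantee
           FROM dba_role_privs rp
          START WITH rp.granted_role IN (
                  SELECT tp.grantee
                    FROM dba_tab_privs tp
                   WHERE tp.table_name = 'DBMS_REPCAT_RGT'
                     AND tp.privilege  = 'EXECUTE')
        CONNECT BY PRIOR rp.grantee = rp.granted_role)
 ORDER BY u.username;

-- 4. Accounts holding EXECUTE directly rather than through a role.
SELECT u.username, u.account_status
  FROM dba_users u
 WHERE u.username IN (
         SELECT tp.grantee
           FROM dba_tab_privs tp
          WHERE tp.table_name = 'DBMS_REPCAT_RGT'
            AND tp.privilege  = 'EXECUTE')
 ORDER BY u.username;
```

Any account returned by queries 3 or 4 that does not need replication template administration is a candidate for having the role or grant revoked until the patch is applied.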
© 2005 by Red-Database-Security GmbH - last update 02-nov-2005
Definition Exploit
An exploit is a common term in computer security for a piece of software that takes advantage of a bug or vulnerability, leading to privilege escalation or DoS on a computer system.
Computer security experts use exploit code to test whether a patch is working properly.