Oracle Session Manipulation set events Overflow

2006-07-27T14:13:45
ID OSVDB:29179
Type osvdb
Reporter putosoft softputo(hasecorp@hotmail.com)
Modified 2006-07-27T14:13:45

Description

Vulnerability Description

A local overflow has been reported in Oracle. The database reportedly fails to check the bounds of a 'alter session set events' command resulting in a buffer overflow. Subsequent examination by third parties indicates that while there may be an overflow present, the privilege required to exploit it would preclude privilege escalation.

Solution Description

The vulnerability reported is incorrect. No solution required.

Short Description

A local overflow has been reported in Oracle. The database reportedly fails to check the bounds of a 'alter session set events' command resulting in a buffer overflow. Subsequent examination by third parties indicates that while there may be an overflow present, the privilege required to exploit it would preclude privilege escalation.

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0511.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0683.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0496.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0695.html