Oracle9i Database FROM_TZ Overflow

2003-12-12T04:10:09
ID OSVDB:3839
Type osvdb
Reporter OSVDB
Modified 2003-12-12T04:10:09

Description

Vulnerability Description

Oracle 9i contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when calling the function FROM_TZ function using a long TIME ZONE parameter. This flaw may lead to a loss of Confidentiality, Integrity and/or Availability.

Solution Description

Upgrade to version Oracle 9.2.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Oracle 9i contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when calling the function FROM_TZ function using a long TIME ZONE parameter. This flaw may lead to a loss of Confidentiality, Integrity and/or Availability.

Manual Testing Notes

By using an SQL statement such as this the return address kan be overwritten: SELECT FROM_TZ(TIMESTAMP '2000-03-28 08:00:00','long string here') FROM DUAL;

References:

Vendor URL: http://metalink.oracle.com/ Secunia Advisory ID:10805 Related OSVDB ID: 3838 Related OSVDB ID: 3837 Related OSVDB ID: 3840 Other Advisory URL: http://www.nextgenss.com/advisories/ora_from_tz.txt Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0030.html ISS X-Force ID: 15060 CVE-2003-1208