Oracle DBMS_AQADM Package Multiple Procedure Overflow

2004-08-31T19:09:25
ID OSVDB:9876
Type osvdb
Reporter Esteban Martinez Fayo (info@appsecinc.com)
Modified 2004-08-31T19:09:25

Description

Vulnerability Description

A remote overflow exists in the DBMS_AQADM package of Oracle Database Server. The package fails to properly sanitize user input to the SRC_QUEUE_NAME parameter, which is passed to the VERIFY_QUEUE_TYPES_GET_NRP procedure or the VERIFY_QUEUE_TYPES_NO_QUEUE procedure, resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code or crash the server, resulting in a loss of integrity or availability.

Technical Description

This may be exploited by users with EXECUTE_CATALOG_ROLE, IMP_FULL_DATABASE, QS_ADM, QS, QS_WS, QS_ES, QS_OS, QS_CBADM, QS_CB, QS_CS, or SYSDBA role access and execute permissions on the DBMS_AQADM package.
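To see which accounts fall into the exposure described above, a DBA can list every grantee that reaches DBMS_AQADM through a direct grant, through one of the listed roles (including nested role grants), or through SYSDBA. This query is an added example, not part of the OSVDB entry; it assumes read access to DBA_TAB_PRIVS, DBA_ROLE_PRIVS and V$PWFILE_USERS.

```sql
-- Added audit query, not part of the OSVDB entry.
-- Grantees returned may be users or roles; review both.

-- 1. EXECUTE granted directly on the package
SELECT grantee,
       'direct EXECUTE on ' || owner || '.' || table_name AS via
  FROM dba_tab_privs
 WHERE table_name = 'DBMS_AQADM'
   AND privilege  = 'EXECUTE'
UNION
-- 2. Membership in a role named in the Technical Description,
--    followed through nested role grants; the path shows the chain
SELECT grantee,
       'roles:' || SYS_CONNECT_BY_PATH(granted_role, ' > ')
  FROM dba_role_privs
 START WITH granted_role IN ('EXECUTE_CATALOG_ROLE', 'IMP_FULL_DATABASE',
                             'QS_ADM', 'QS', 'QS_WS', 'QS_ES', 'QS_OS',
                             'QS_CBADM', 'QS_CB', 'QS_CS')
CONNECT BY PRIOR grantee = granted_role
UNION
-- 3. Accounts that can connect AS SYSDBA (held in the password file,
--    so they do not appear in DBA_ROLE_PRIVS)
SELECT username,
       'SYSDBA (password file)'
  FROM v$pwfile_users
 WHERE sysdba = 'TRUE'
 ORDER BY 1, 2;
```

Any grantee that is not needed for Advanced Queuing administration is a candidate for revocation until the patch named in the Solution Description is applied.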

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch (Patchset 4 (9.2.0.5)) to address this vulnerability.

References:

Vendor URL: http://www.oracle.com/
Vendor Specific Advisory URL
US-CERT Cyber Security Alert: TA04-245A
Secunia Advisory ID: 12409
Other Advisory URL: http://www.appsecinc.com/resources/alerts/oracle/2004-0001/28.html
Other Advisory URL: http://www.appsecinc.com/resources/alerts/oracle/2004-0001/
Other Advisory URL: http://www.appsecinc.com/resources/alerts/oracle/2004-0001/29.html
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0041.html
Keyword: AppSec Issue 28/29
Generic Informational URL: http://www.computerworld.com/securitytopics/security/story/0,10801,95013,00.html
CIAC Advisory: o-209
Bugtraq ID: 10871