Oracle TEMPFILE Parameter Overflow

2004-08-31T18:40:41
ID OSVDB:9889
Type osvdb
Reporter Cesar Cerrudo(info@appsecinc.com)
Modified 2004-08-31T18:40:41

Description

Vulnerability Description

A remote overflow exists in Oracle Database Server. The server fails to properly sanitize user input supplied to the TEMPFILE parameter resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code or crash the server resulting in a loss of integrity or availability.

Technical Description

This may be exploited on ALTER DATABASE by users with ALTER DATABASE system privilege, on CREATE TABLESPACE by users with CREATE TABLESPASE system privilege, on ALTER TABLESPACE by users with ALTER TABLESPACE system privilege.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch (9ir2 Patchset 4 (9.2.0.5) patch 2) to address this vulnerability.

Short Description

A remote overflow exists in Oracle Database Server. The server fails to properly sanitize user input supplied to the TEMPFILE parameter resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code or crash the server resulting in a loss of integrity or availability.

References:

Vendor URL: http://www.oracle.com/ Vendor Specific Advisory URL US-CERT Cyber Security Alert: TA04-245A Secunia Advisory ID:12409 Other Advisory URL: http://www.appsecinc.com/resources/alerts/oracle/2004-0001/ Other Advisory URL: http://www.appsecinc.com/resources/alerts/oracle/2004-0001/13.html Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0041.html Keyword: AppSec Issue 13 Generic Informational URL: http://www.computerworld.com/securitytopics/security/story/0,10801,95013,00.html CIAC Advisory: o-209 Bugtraq ID: 10871