SAINT Corporation, SAINT:52EF272F070B994F210CEEC672F68FD2
Feb 01, 2008 - 12:00 a.m.

Oracle XDB component PITRIG_TRUNCATE buffer overflow

download.saintcorporation.com

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.121
Percentile: 95.5%

Added: 02/01/2008
CVE: CVE-2008-0339
BID: 27229
OSVDB: 40300

Background

The PITRIG_TRUNCATE function is part of the XDB.XDB_PITRIG_PKG package, which is included with Oracle Database.

Problem

A buffer overflow vulnerability in the PITRIG_TRUNCATE function allows remote, authenticated attackers to execute arbitrary commands by specifying an OWNER and NAME parameter with a long combined length.

Resolution

Apply the appropriate update referenced in the January 2008 Critical Patch Update.

References

<http://www.us-cert.gov/cas/techalerts/TA08-017A.html>

Limitations

The exploit works on Oracle Database Server 10g 10.1.0.5 and requires the login and password of an Oracle user with EXECUTE privileges on the XDB.XDB_PITRIG_PKG package.
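Because the precondition is EXECUTE on XDB.XDB_PITRIG_PKG, an audit of who holds that privilege shows which accounts are in scope until the update is applied. The queries below are an added example, not part of the SAINT advisory or Oracle's documentation; they assume a session that can read the DBA_* data dictionary views and V$VERSION.

```sql
-- Added audit example (not from the advisory). Run as an account that can
-- read the DBA_* dictionary views, for instance a DBA session in SQL*Plus.

-- 1. Version banner, for comparison with the 10.1.0.5 release named above.
SELECT banner FROM v$version;

-- 2. Direct grants of EXECUTE on the package. A row with GRANTEE = 'PUBLIC'
--    means every database account satisfies the precondition.
SELECT grantee, grantor, grantable
FROM   dba_tab_privs
WHERE  owner      = 'XDB'
AND    table_name = 'XDB_PITRIG_PKG'
AND    privilege  = 'EXECUTE'
ORDER  BY grantee;

-- 3. User accounts that inherit the grant through roles, following nested
--    role grants upward from any role returned by step 2.
SELECT DISTINCT rp.grantee AS username
FROM   dba_role_privs rp
WHERE  rp.grantee IN (SELECT username FROM dba_users)
START  WITH rp.granted_role IN (
         SELECT grantee
         FROM   dba_tab_privs
         WHERE  owner      = 'XDB'
         AND    table_name = 'XDB_PITRIG_PKG'
         AND    privilege  = 'EXECUTE')
CONNECT BY PRIOR rp.grantee = rp.granted_role
ORDER  BY username;

-- 4. Holders of EXECUTE ANY PROCEDURE can also call the package without
--    an object-level grant, so list them as well.
SELECT grantee, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'EXECUTE ANY PROCEDURE'
ORDER  BY grantee;
```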

Platforms

Windows
