Lucene search

SAINT CorporationSAINT:60DE4351E36207AD12B493ABB4FCBF6A

HistoryDec 18, 2006 - 12:00 a.m.

Oracle MD2 component SDO_CODE_SIZE buffer overflow

2006-12-1800:00:00

SAINT Corporation

my.saintcorporation.com

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

Added: 12/18/2006
CVE: CVE-2004-1774
BID: 10871
OSVDB: 9867

Background

Oracle Database is a relational database solution available for multiple platforms.

Problem

A buffer overflow in the SDO_CODE_SIZE function in the MD2 component of Oracle Database allows remote attackers to execute arbitrary commands.

Resolution

Apply the update referenced in Oracle Alert #68.

References

<http://www.kb.cert.org/vuls/id/316206>
<http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0041.html>

Limitations

Exploit works on Oracle Database 10g 10.1.0.2 and requires the login and password of a valid database user.

Platforms

Windows

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

Related for SAINT:60DE4351E36207AD12B493ABB4FCBF6A