Oracle MD2 component SDO_CODE_SIZE buffer overflow

2006-12-18T00:00:00
ID SAINT:868EBEF4A411E764478BB819AFFC83B4
Type saint
Reporter SAINT Corporation
Modified 2006-12-18T00:00:00

Description

Added: 12/18/2006
CVE: CVE-2004-1774
BID: 10871
OSVDB: 9867

Background

Oracle Database is a relational database solution available for multiple platforms.

Problem

A buffer overflow in the SDO_CODE_SIZE function in the MD2 component of Oracle Database allows remote attackers to execute arbitrary commands.

Resolution

Apply the update referenced in Oracle Alert #68.

References

<http://www.kb.cert.org/vuls/id/316206>
<http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0041.html>

Limitations

Exploit works on Oracle Database 10g 10.1.0.2 and requires the login and password of a valid database user.

Platforms

Windows