Oracle Spatial component SDO_CS.TRANSFORM_LAYER buffer overflow

2006-10-26T00:00:00
ID SAINT:8F7B41848C1EF4F143E7E9B860B0A886
Type saint
Reporter SAINT Corporation
Modified 2006-10-26T00:00:00

Description

Added: 10/26/2006
CVE: CVE-2006-5344
BID: 20588
OSVDB: 31462

Background

The Oracle Spatial (formerly SDO) component of Oracle Database provides a set of functions which process multi-dimensional data.

Problem

A buffer overflow in the Oracle Spatial component allows an attacker with EXECUTE privileges on the SDO_CS.TRANSFORM_LAYER function to execute arbitrary commands.

Resolution

Apply the patch referenced in the October 2006 Oracle Critical Patch Update.

References

<http://www.us-cert.gov/cas/techalerts/TA06-291A.html>
<http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html>

Limitations

Exploit works on Oracle Database 10.1.0.2 and 9.2.0.1.

Exploit requires a the login and password of a database user with privileges to create functions. The default "scott" user has sufficient privileges, but is disabled by default in Oracle Database 10g.

Platforms

Windows