SAINT Corporation
SAINT:B07593223C17C3921ABC543241758E00
History: Nov 07, 2006 - 12:00 a.m.

Oracle Security Component sys.pbsde buffer overflow

my.saintcorporation.com
CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.004 Low (Percentile: 73.9%)

Added: 11/07/2006
CVE: CVE-2005-3438
BID: 15134
OSVDB: 20612

Background

pbsde is a package of stored procedures which is part of the base installation of Oracle Database.

Problem

A buffer overflow in the **sys.pbsde.init** procedure allows database users to execute arbitrary commands.

Resolution

Apply the patch referenced in the October 2005 Critical Patch Update.

References

<http://www.us-cert.gov/cas/techalerts/TA05-292A.html>
<http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0430.html>

Limitations

Exploit works on Oracle Database 10g 10.1.0.2 and requires the login and password of a valid database account.

Platforms

Windows
