Added: 11/23/2007
CVE: CVE-2007-4517
BID: 26374
OSVDB: 39918
The PITRIG_DROPMETADATA function is included in the XDB.XDB_PITRIG_PKG package which is included with Oracle Database.
A buffer overflow vulnerability in the PITRIG_DROPMETADATA function allows remote, authenticated attackers to execute arbitrary commands by specifying an OWNER and NAME parameter with a long combined length.
This vulnerability will be fixed in a future Critical Patch Update from Oracle.
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=622>
Exploit works on Oracle Database 10g Release 2.
Exploit requires the login and password of a database user who has EXECUTE permission on package XDB.XDB_PITRIG_PKG. The default user “scott” has sufficient privilege if that account is enabled.
Windows