Oracle 9i Release 2 XDB FTP Pass Overflow

2009-02-25T00:00:00
ID SAINT:FEBDE6067ED68D17D37C8F54DDD884A4
Type saint
Reporter SAINT Corporation
Modified 2009-02-25T00:00:00

Description

Added: 02/25/2009
CVE: CVE-2003-0727
BID: 8375
OSVDB: 2449

Background

Oracle 9i release 2 includes the XDB FTP service which by default listens on port 2100.

Problem

A buffer overflow vulnerability in the parsing of credentials passed to the server allows remote attackers to execute arbitrary commands by sending a long username or password during authentication.

Resolution

The vulnerability is fixed in Oracle 9i version 9.2.0.4. To download and install the relevant patches follow the guide included in <http://www.oracle.com/technology/deploy/security/pdf/2003Alert58.pdf>.

References

<http://otn.oracle.com/deploy/security/pdf/2003Alert58.pdf>
<http://www.blackhat.com/presentations/bh-usa-03/bh-us-03-litchfield-paper.pdf>
<http://www.appsecinc.com/resources/alerts/oracle/2003-0005.html>

Limitations

Exploit works against version 9.2.0.1

Platforms

Windows Server 2003 SP2 / Windows Server 2003
Windows Server 2003 SP1
Windows Server 2003 SP0,SP1,SP2 DEP-Disabled
Windows 2000