Oracle GENERATESCHEMA Buffer Overflow Exploit

2014-09-11T00:00:00
ID 1337DAY-ID-22628
Type zdt
Reporter duke
Modified 2014-09-11T00:00:00

Description

This Exploit a buffer overflow in Oracle10g. When sending a specially formatted query to the GENERATESCHEMA function in the XDB.DBMS_XMLSCHEMA package, an attacker may be able to execute arbitrary code. NOTE: For targets running DEP, you will need to choose target 0 then rexploit with target 1. The first query will disable DEP fro the ORACLE.EXE process. The following product versions are affected: * Oracle Database 10g Release 2, version 10.2.0.1 * Oracle Database 10g Release 1, versions 10.1.0.3, 10.1.0.4, 10.1.0.5 * Oracle9i Database Release 2, versions 9.2.0.6, 9.2.0.7 * Oracle8i Database Release 3, version 8.1.7.4 * Oracle Enterprise Manager 10g Grid Control, versions 10.1.0.3, 10.1.0.4 * Oracle Application Server 10g Release 2, versions 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1.0 * Oracle Application Server 10g Release 1 (9.0.4), versions 9.0.4.1, 9.0.4.2 * Oracle Collaboration Suite 10g Release 1, versions 10.1.1, 10.1.2 * Oracle9i Collaboration Suite Release 2, version 9.0.4.2 * Oracle E-Business Suite Release 11i, versions 11.5.1 through 11.5.10 CU2 * Oracle E-Business Suite Release 11.0 * PeopleSoft Enterprise Portal, versions 8.4, 8.8, 8.9 * JD Edwards EnterpriseOne Tools, OneWorld Tools, versions 8.95.F1, SP23_L1 * Oracle Database 10g Release 1, version 10.1.0.4.2 * Oracle Developer Suite, versions 6i, 9.0.2.1, 9.0.4.1, 9.0.4.2, 10.1.2.0 * Oracle Workflow, versions 11.5.1 through 11.5.9.5 * Oracle9i Database Release 1, versions 9.0.1.4, 9.0.1.5, 9.0.1.5 FIPS * Oracle8 Database Release 8.0.6, version 8.0.6.3 * Oracle9i Application Server Release 1, version 1.0.2.2 Oracle has provided no specifics regarding the nature of these vulnerabilities.

This is private exploit. You can buy it at https://0day.today