SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Database)  >   Oracle Database Vendors:   Oracle
(Vendor Describes Workaround) Re: Oracle Database Command Line Buffer Overflow Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1007969
SecurityTracker URL:  http://securitytracker.com/id/1007969
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 20 2003
Impact:   Execution of arbitrary code via local system, User access via local system
Vendor Confirmed:  Yes  
Version(s): 8.1.x, 9.0.x, 9.2.x
Description:   A buffer overflow vulnerability was reported in the Oracle database. A local user can execute arbitrary code to gain elevated privileges on the target system.

c0ntex reported that a local user can pass a large input string to the database to trigger a buffer overflow and overwrite the EIP register to execute arbitrary code.

It is reported that the 'oracle' and 'oracleO' binaries are affected. Because the binaries are reportedly configured with set user id (setuid) 'oracle' user privileges, the arbitrary code will run with the privileges of the 'oracle' user.

The report indicates that Release 2 Patch Set 3 Ver 9.2.0.4.0 is vulnerable on Linux and AIX.

A demonstration exploit is available at:

http://packetstormsecurity.nl/0310-exploits/oracle_ownage.c

The vendor has reportedly been notified.
Impact:   A local user can execute arbitrary code with 'oracle' user privileges.
Solution:   Oracle has described the following workaround of removing the "other" execute permissions from the affected binaries and making sure that only trusted users are in the same group as the affected binaries:

# cd $ORACLE_HOME/bin
# chmod o-x oracle oracleO

The vendor indicates that you should not remove the setuid or setgid permissions from the affected binaries.

Oracle reports that an interim patch will be available soon for Oracle 9i Database Release 9.2.0.4 for Linux x86.
Vendor URL:  otn.oracle.com/deploy/security/pdf/2003Alert59.pdf (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64)

Message History:   This archive entry is a follow-up to the message listed below.
Oct 18 2003 Oracle Database Command Line Buffer Overflow Lets Local Users Gain Elevated Privileges


 Source Message Contents
Date:  Mon, 20 Oct 2003 18:21:34 -0400
Subject:  http://otn.oracle.com/deploy/security/pdf/2003Alert59.pdf


http://otn.oracle.com/deploy/security/pdf/2003Alert59.pdf

Oracle issued Oracle Security Alert #59 warning of a buffer overflow in the "oracle" and 
"oracleO" binaries.  A local user can execute arbitrary code on the system.

Oracle 9i Database Release 2 (version 9.2.x) and Release 1 (version 9.0.x) and Oracle 8i 
Database Release 8.1.x are affected on all supported UNIX and Linux systems.

Oracle has described the following workaround of removing the "other" execute permissions 
from the affected binaries and making sure that only trusted users are in the same roup as 
the affected binaries:

# cd $ORACLE_HOME/bin
# chmod o-x oracle oracleO

The vendor indicates that you should not remove the setuid or setgid permissions from the 
affected binaries.

Oracle reports that an interim patch will be available soon for Oracle 9i Database Release 
9.2.0.4 for Linux x86.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC