Oracle wrapped procedure overflow (#NISR2122004J)

From: NGSSoftware Insight Security Research (nisr_at_NEXTGENSS.COM)
Date: 12/23/04

  • Next message: NGSSoftware Insight Security Research: "IBM DB2 rec2xml buffer overflow vulnerability (#NISR2122004J)"
    Date:         Thu, 23 Dec 2004 16:38:29 -0000
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    NGSSoftware Insight Security Research Advisory

    Name: Oracle 10g/9i wrapped procedure buffer overflow
    Systems Affected: Oracle 10g/9i on all operating systems
    Severity: High risk
    Vendor URL: http://www.oracle.com/
    Author: David Litchfield [ davidl at ngssoftware.com ]
    Relates to: http://www.nextgenss.com/advisories/oracle-01.txt
    Date of Public Advisory: 23rd December 2004
    Advisory number: #NISR2122004J
    Advisory URL: http://www.ngssoftware.com/advisories/oracle23122004J.txt

    Description
    ***********
    The code for PL/SQL procedures can be encrypted or "wrapped" to use the
    Oracle term. When a wrapped procedure is created a buffer overflow
    vulnerability can be triggered.

    Details
    *******
    By placing an overly token in the text of a procedure that has been wrapped
    with version 9 and stack based buffer is overflowed in the Oracle server
    when the procedure is created. Exploitation of this allows an attacker to
    run code as the Oracle user.

    Fix Information
    ***************
    A patch (#68) was released for this problem by Oracle. See
    http://metalink.oracle.com/ for more details. NGSSQuirreL for Oracle
    (http://www.nextgenss.com/squirrelora.htm), can be used to assess whether
    your Oracle servers are vulnerable to this.

    About NGSSoftware
    *****************
    NGSSoftware design, research and develop intelligent, advanced application
    security assessment scanners. Based in the United Kingdom, NGSSoftware have
    offices in the South of London and the East Coast of Scotland. NGSSoftware's
    sister company NGSConsulting, offers best of breed security consulting
    services, specialising in application, host and network security
    assessments.

    http://www.ngssoftware.com/

    Telephone +44 208 401 0070
    Fax +44 208 401 0076

    enquiries@ngssoftware.com

    --
    Editor's Note: The 43rd Most Powerful Person in Networking says...
    Register today to take the TruSecure ICSA exam by 12/31/04  at
    <http://www.2test.com> ,  use promo code "CT1204" and you will pay just
    $221.25 US Dollars for domestic exam delivery and  $296.25 US Dollars
    for international delivery.
    Visit <https://ticsa.trusecure.com>  for complete details regarding the
    TICSA credential and to take the free sample exam.
    --
    

  • Next message: NGSSoftware Insight Security Research: "IBM DB2 rec2xml buffer overflow vulnerability (#NISR2122004J)"