[NEWS] Oracle Reports Server Buffer Overflow
From: support@securiteam.comDate: 06/13/02
- Previous message: support@securiteam.com: "[UNIX] mmftpd FTP Daemon Format String Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Thu, 13 Jun 2002 07:38:17 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Oracle Reports Server Buffer Overflow
------------------------------------------------------------------------
SUMMARY
Oracle's Report Server contains a remotely exploitable buffer overrun
vulnerability in one of its CGI based programs.
DETAILS
Vulnerable systems:
* Oracle 9iAS
By supplying an overly long database name parameter to the rwcgi60 with
the setauth method, a remote attacker can overwrite a saved return address
on the stack, gaining control over the processes execution.
Any exploit code supplied by the attacker will run in the security context
of account the web server is running as. Normally on platforms running a
UNIX variant the account has limited privileges; However, on Windows based
system the web server, by default, runs in the context of the local SYSTEM
account.
Fix Information:
NGSSoftware alerted Oracle to this problem on December the 17th 2001 and
Oracle have now released patches which are available from the Metalink
site. The patch number is 2356680.
ADDITIONAL INFORMATION
The information has been provided by <mailto:nisr@ngssoftware.com>
NGSSoftware Insight Security Research.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[UNIX] mmftpd FTP Daemon Format String Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [NEWS] Oracle TNS Listener Buffer Overflow
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... The Oracle Net Listener
contains a remotely exploitable buffer overrun ... The Listener 'listens' on TCP port 1521 for
client request to use the ... (Securiteam) - [NEWS] JSP Translation File Access under Oracle 9iAS
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... include SOAP, PL/SQL, XSQL,
and JSP. ... Oracle was informed of these issues on 17 December. ... (Securiteam) - [NEWS] SpiDynamics WebInspect Keeps Track of Its Users (Trial License)
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... WebInspect, S.P.I.
Dynamic's premier product, is a network-based web ... We make no effort to hide that this remote
authentication is done. ... (Securiteam) - [NT] DoS and Directory Traversal Vulnerabilities in WebServer 4 Everyone
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... requests and to allow attackers
to download files that reside the outside ... (Securiteam) - [UNIX] Multiple Security Issues in Geeklog (XSS, SQL Inject)
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... the vulnerabilities would
allow a remote attacker to ... SQL Injection: ... (Securiteam)
