Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART





: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
: Risk Level: High

: Oracle Database Server provides the SYS.OLAPIMPL_T package. This package : contains the procedure ODCITABLESTART which is vulnerable to buffer : overflow attacks. Impact: By default SYS.OLAPIMPL_T has EXECUTE : permission to PUBLIC so any Oracle database user can exploit this : vulnerability. Exploitation of this vulnerability allows an attacker to : execute arbitrary code. It can also be exploited to cause DoS (Denial of : service) killing the Oracle server process.
: : CVE: CVE-2008-3974

: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

Oracle:

Confidentiality: None
Integrity: None
Availability: Partial
CVSS: 4.0

That doesn't seem to go with a remote overflow / code execution vulnerability.



Relevant Pages