Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
- From: security curmudgeon <jericho@xxxxxxxxxxxxx>
- Date: Fri, 20 Feb 2009 03:21:14 +0000 (UTC)
: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
: Risk Level: High
: Oracle Database Server provides the SYS.OLAPIMPL_T package. This package : contains the procedure ODCITABLESTART which is vulnerable to buffer : overflow attacks. Impact: By default SYS.OLAPIMPL_T has EXECUTE : permission to PUBLIC so any Oracle database user can exploit this : vulnerability. Exploitation of this vulnerability allows an attacker to : execute arbitrary code. It can also be exploited to cause DoS (Denial of : service) killing the Oracle server process.
: : CVE: CVE-2008-3974
That doesn't seem to go with a remote overflow / code execution vulnerability.
- Prev by Date: [ MDVA-2009:027 ] kernel
- Next by Date: [ MDVSA-2009:043 ] gnumeric
- Previous by thread: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
- Next by thread: Call for papers and trainers - note extended deadline - SeacureIT 2009