Bugtraq mailing list archives
Re: Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME
From: "Steven M. Christey" <coley () mitre org>
Date: Thu, 25 Jan 2007 14:36:19 -0500 (EST)
> Any Oracle database user with EXECUTE privilege on the package SYS.DBMS_LOGREP_UTIL can exploit this vulnerability. Exploitation of this vulnerability allows an attacker to execute arbitrary code.

This statement is inconsistent with Oracle's CPU, which states that DB08 (CVE-2007-0274) has Partial impact on availability, and no impact on Integrity and Confidentiality.

> Affected versions: Oracle Database Server versions 9iR1, 9iR2 and 10gR1

DB08 reports 9iR2 as being the earliest affected version, which is another discrepancy.

- Steve
Current thread:
- Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME Team SHATTER (Jan 25)
- <Possible follow-ups>
- Re: Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME Steven M. Christey (Jan 25)