Bugtraq mailing list archives
Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
From: security curmudgeon <jericho () attrition org>
Date: Fri, 20 Feb 2009 03:21:14 +0000 (UTC)
: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
:
: Risk Level: High
:
: Oracle Database Server provides the SYS.OLAPIMPL_T package. This package
: contains the procedure ODCITABLESTART which is vulnerable to buffer
: overflow attacks.
:
: Impact: By default SYS.OLAPIMPL_T has EXECUTE
: permission to PUBLIC so any Oracle database user can exploit this
: vulnerability. Exploitation of this vulnerability allows an attacker to
: execute arbitrary code. It can also be exploited to cause DoS (Denial of
: service) killing the Oracle server process.
:
: CVE: CVE-2008-3974
:
: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

Oracle:
Confidentiality: None
Integrity: None
Availability: Partial
CVSS: 4.0

That doesn't seem to go with a remote overflow / code execution vulnerability.
Current thread:
- Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART Shatter (Feb 03)
- Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART security curmudgeon (Feb 20)