
Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART

From: security curmudgeon <jericho attrition org>
To: Bugtraq <bugtraq securityfocus com>
Cc: secalert_us oracle com
Subject: Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
Date: Thu - Feb 19, 2009 07:14 PM




: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
: Risk Level: High

: Oracle Database Server provides the SYS.OLAPIMPL_T package. This package 
: contains the procedure ODCITABLESTART which is vulnerable to buffer 
: overflow attacks. Impact: By default SYS.OLAPIMPL_T has EXECUTE 
: permission to PUBLIC so any Oracle database user can exploit this 
: vulnerability. Exploitation of this vulnerability allows an attacker to 
: execute arbitrary code. It can also be exploited to cause DoS (Denial of 
: service) killing the Oracle server process.
: 
: CVE: CVE-2008-3974

: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

Oracle:

Confidentiality: None
Integrity: None
Availability: Partial
CVSS: 4.0

That doesn't seem to go with a remote overflow / code execution 
vulnerability.
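
The mismatch raised above can be checked against the CVSS v2 base equation. The following is an added example, not part of the original post or of Oracle's advisory. The page gives only the three impact values and the 4.0 score, so the code searches for the access vector / complexity / authentication combinations consistent with them, then rescores with impact values one might assign to code execution (those alternative impact values are assumptions chosen for comparison).

```python
from itertools import product

# CVSS v2 base metric weights, as defined in the CVSS v2 specification.
AV = {"L": 0.395, "A": 0.646, "N": 1.0}    # Access Vector
AC = {"H": 0.35, "M": 0.61, "L": 0.71}     # Access Complexity
AU = {"M": 0.45, "S": 0.56, "N": 0.704}    # Authentication
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}   # Conf / Integ / Avail impact


def base_score(av, ac, au, c, i, a):
    """CVSS v2 base score for one vector, rounded to one decimal."""
    impact = 10.41 * (1 - (1 - CIA[c]) * (1 - CIA[i]) * (1 - CIA[a]))
    exploitability = 20 * AV[av] * AC[ac] * AU[au]
    f_impact = 0.0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)


def vectors_matching(score, c, i, a):
    """All (AV, AC, Au) triples that yield `score` for the given impacts."""
    return [
        (av, ac, au)
        for av, ac, au in product(AV, AC, AU)
        if base_score(av, ac, au, c, i, a) == score
    ]


def rescore(score, c, i, a, alternatives):
    """Rescore every matching vector under alternative impact ratings."""
    results = {}
    for av, ac, au in vectors_matching(score, c, i, a):
        for alt in alternatives:
            vector = f"AV:{av}/AC:{ac}/Au:{au}/C:{alt[0]}/I:{alt[1]}/A:{alt[2]}"
            results[vector] = base_score(av, ac, au, *alt)
    return results


if __name__ == "__main__":
    # Values from the post: C:None, I:None, A:Partial, score 4.0.
    print(vectors_matching(4.0, "N", "N", "P"))
    # Assumed alternatives: partial or complete impact on all three.
    for vec, s in rescore(4.0, "N", "N", "P", [("P",) * 3, ("C",) * 3]).items():
        print(vec, s)
```

The only combination that reproduces 4.0 is network access, low complexity, single authentication, which fits the advisory's "any Oracle database user"; the same vector scores 6.5 with partial and 9.0 with complete impact on all three properties.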



