
Oracle bfilename function buffer overflow vulnerability
17th Feb 2003 [SBWID-5997]

	All platforms; Oracle9i Database Release 2, 9i Release 1, 8i, 8.1.7,


	Thanks to David Litchfield of NGSSoftware Insight Security Research,
	advisory [#NISR16022003e]:

	Oracle's database server contains functions for use within queries. The
	bfilename() function returns a BFILE locator to a binary large object
	stored in the database.

	The bfilename() function suffers from a remotely exploitable buffer
	overrun when an overly long DIRECTORY parameter is supplied. Before
	this issue can be exploited an attacker must be able to log on to the
	database server with a valid user ID and password, but as the
	bfilename() function can be executed by PUBLIC by default, any user of
	the system can gain control. Any arbitrary code supplied by an attacker
	would execute with the same privileges as the user running the service;
	this account is typically "Oracle" on Linux/Unix based platforms and
	Local System on Windows based operating systems such as NT/2000/XP. As
	such, this allows for a complete compromise of the data stored in the
	database and possibly a complete compromise of the operating system.
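
As an added example (not part of the NGSSoftware advisory or of any Oracle or NGSSoftware code), the following Python script screens captured SQL text for bfilename() calls whose DIRECTORY argument is an oversized literal, and flags non-literal arguments for review. The 30-byte threshold, the function names and the sample statements are assumptions constructed for illustration.

```python
import re

# Assumption: directory object names are ordinary Oracle identifiers, which
# were limited to 30 bytes in the releases this advisory covers.
MAX_DIRECTORY_LEN = 30

# BFILENAME( <first argument> , ...  The first argument is either a single
# quoted literal ('' is an escaped quote inside it) or some other expression.
CALL_RE = re.compile(
    r"\bbfilename\s*\(\s*(?:'((?:[^']|'')*)'\s*(?=,)|([^,)]*))",
    re.IGNORECASE,
)

def check_statement(sql):
    """Return a list of (verdict, detail) findings for one SQL statement."""
    findings = []
    for m in CALL_RE.finditer(sql):
        literal, expr = m.group(1), m.group(2)
        if literal is not None:
            size = len(literal.replace("''", "'").encode("utf-8"))
            if size > MAX_DIRECTORY_LEN:
                findings.append(("oversized", f"{size}-byte DIRECTORY literal"))
        else:
            # Bind variable, concatenation or function call: the length is
            # not known statically, so leave it to a reviewer or runtime check.
            findings.append(("review", f"non-literal DIRECTORY: {expr.strip()}"))
    return findings

def scan(statements):
    """Map statement index -> findings, omitting clean statements."""
    results = {}
    for i, sql in enumerate(statements):
        found = check_statement(sql)
        if found:
            results[i] = found
    return results

# Constructed sample statements (not taken from any real audit trail).
SAMPLE = [
    "SELECT bfilename('MEDIA_DIR', 'logo.gif') FROM dual",
    "SELECT BFILENAME ( '" + "X" * 400 + "', 'a.txt' ) FROM dual",
    "INSERT INTO docs VALUES (1, bfilename(:dir, :fname))",
    "SELECT name FROM employees WHERE note = 'see bfilename docs'",
]

if __name__ == "__main__":
    for idx, found in scan(SAMPLE).items():
        print(idx, found)
```

A check of this kind only sees literals in the SQL text it is given; statements flagged "review" need the bound or computed value inspected elsewhere.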


	 Fix Information

	NGSSoftware alerted Oracle to this vulnerability on 30th September
	2002. Oracle has developed a patch which is available from

	A check for these issues has been added to NGSSQuirreL for Oracle, a
	comprehensive automated vulnerability assessment tool for Oracle
	Database Servers of which more information is available from the

	 Further Information

	For further information about the scope and effects of buffer overflows,
	please see

	 About NGSSoftware

	NGSSoftware design, research and develop intelligent, advanced application
	security assessment scanners. Based in the United Kingdom, NGSSoftware have
	offices in the South of London and the East Coast of Scotland. NGSSoftware's
	sister company NGSConsulting, offers best of breed security consulting
	services, specialising in application, host and network security
	Telephone +44 208 401 0070
	Fax +44 208 401 0076
