Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Oracle :: tb11678.htm

Oracle Database Buffer overflows and DoS vulns in public procedures of MDSYS.MD (DB12)



Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD (DB12)
Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD (DB12)



This is a multi-part message in MIME format.
--------------020101020307010005090309
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Team SHATTER Security Alert (Update)

Oracle Database Buffer overflows and Denial of service vulnerabilities
in public procedures of MDSYS.MD (DB12)
Jan 18, 2007 (Updated July 18th, 2007)

Risk Level: High

Affected versions:
Oracle Database Server versions 8i, 9i and 10gR1

Remote exploitable: Yes (Authentication to Database Server is needed)

Credits:
This vulnerability was discovered and researched by Esteban Mart=EDnez
Fay=F3 of Application Security Inc.

CVE:
CVE-2007-0272

Details:
Oracle Database Server provides the MDSYS.MD package that is used in the
Oracle Spatial component. These packages contain many public procedures
that are vulnerable to buffer overflow and denial of service attacks.

Impact:
By default MDSYS.MD has EXECUTE permission to PUBLIC so any Oracle
database user can exploit this vulnerability. Exploitation of this
vulnerability allows an attacker to execute arbitrary code. It can also
be exploited to cause DOS (Denial of service) killing Oracle server
process.

Vendor Status:
Vendor was contacted and a patch was released.

Workaround:
Restrict access to the MDSYS.MD package.

Fix:
Apply Oracle Critical Patch Update July 2007 available at Oracle Metalink.

Links:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html 
http://www.appsecinc.com/resources/alerts/oracle/2007-05.shtml 


- --
_____________________________________________
Application Security, Inc.
www.appsecinc.com 
AppSecInc is the leading provider of database security solutions for the
enterprise. AppSecInc products proactively secure enterprise
applications at more than 300 organizations around the world by
discovering, assessing, and protecting the database against rapidly
changing security threats. By securing data at its source, we enable
organizations to more confidently extend their business with customers,
partners and suppliers. Our security experts, combined with our strong
support team, deliver up-to-date application safeguards that minimize
risk and eliminate its impact on business.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFGnosV9EOAcmTuFN0RAtcqAKC1Gg1gLCxCPgrOGlscSvbOkNBBIgCgmRBe
8oGGrQAOboXDAecdBkEFr0M=smqS
-----END PGP SIGNATURE-----

--------------020101020307010005090309
Content-Type: application/pgp-keys;
 name="0x64EE14DD.asc"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="0x64EE14DD.asc"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (MingW32)

mQGiBEWAUVwRBACEG29buZQSuLf2SYbTta43vwYucTwd4NA+tpgMNCyYhZPTZLGD
ra+Mg+Sj3Mv6RFQjMflKJkz0P/jnfCOqVyJWTIFdouvWh9fTU4XBikUdtU+3ZLmO
YvLAehJHMZqLUXd+wxcC+T/7qFioBoxVfZkfUfyXu2rdL6MRClGNp7w+twCg3D/f
lD8DT5Tls08gpMwAt3w6L+MD/1Qfn1vkOjo9WtDdKSodJ1Gz6XjRE4epZi2GqN5T
8dnC+4vmg8j8t9eQgkDa+kZ7Ke6MYbh69XthB9Jb3u+gNzhqHqNWZizOQH5IBYOD
orki10llvU4tEOaqWbZ0R//Z7vRmA5hPcczA8KMvHjqQGUbccasVswPiBMJIhXwj
dZqLA/99kpdCcxTKYZeW0o459BciJQULWyr6q7x6E1tjuhOFMeB6B+M4cLI50nkW
4+GXlgGbiQqO4eC9j3pkcmLXeZECLKKB5/sjixoorHBVUICrn0260ZkSbTNv9TyQ
DY1OJDwzOESNbnFiVxkDvLo3lssSlAR3i18rf3QSTepUNnkgALQkVGVhbSBTSEFU
VEVSIDxzaGF0dGVyQGFwcHNlY2luYy5jb20+iGYEExECACYFAkWAUVwCGyMFCQlm
AYAGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRD0Q4ByZO4U3WgWAJ9EjeTQI058
R1H1cG5nG08OijKi0QCfWRk3gCo/VJwDUZZTRu4ZAPAH6Nu5Ag0ERYBRZRAIAODL
A0pnKYiMIcRZLSpXmbSNSn8b7R91COkTjIGH85mR10e5406T37eh/Y3GViEe9WRY
phRf611ELeeiPsd9B6vCJzv5WNkVSk4n7WLfDjMkWWFZezeNDUKL3EsggR/xEWAD
yjvf4KVY6R2mLuk+oROoBGoY5028b6A+UmTiXh+0LdBxWoFHnYSXjfSXVUA+UoVV
uiews20akOgtwTcaVFg4w1eNyI59WtBWIomYpQSzc/LXcBfjGpcb+gqTUieFrBDI
IZVdu2LfaCaiRxse3KpZ89sGQDE6hBMvs8MbveRK71ZWH9fQI8jLg9KYOMtOzgJR
PqwGE7ub7TsF0CQQet8AAwUIANgKq9nxGjkq+2Bto6sBtzeGPm+9bAYaAxVtggeC
XR0/+i1B8L/OUA0m68Z2O0ZazXNQyl/xVBnHdVsg/Enxht3BxkU3/79pYLFuSiut
YAtdeIHVDwr4qqPfccEFUSKRWyclXHrwfPnDIcsaFIVyWMJ9OPQDJPcF5TXFBdY+
nh9bNPSCSpeDsXZqC9C5t3AkAOebCBDtncTxM5cg2kdzqfFo6+eg40RT95A+VHfj
GpRJPodT1RpvqqUQUnfl74jPm4VMymlSpHD7CUdhrbxDCCTpU3/U3lCyK78zuHGy
ENhPsKGtbb0Q22RsD1agTnm3Ou6ffPQl8W2H0RJnbA//JeGITwQYEQIADwUCRYBR
ZQIbDAUJCWYBgAAKCRD0Q4ByZO4U3XApAKCfBsYVhoZlRdqpPr6aIAyj4niJUgCg
mbaBonhsctYLDlaAchDUXapQE8k=sBRf
-----END PGP PUBLIC KEY BLOCK-----


--------------020101020307010005090309--


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH