Short Name |
HTTP:ORACLE:ISQLPLUS-OF |
---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle 10g iSQLPLus Service Heap Overflow |
Release Date |
2004/09/08 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Oracle 10g iSQLPLus Service. A successful attack can lead to arbitrary code execution.
Oracle Database is reported prone to a buffer overflow vulnerability. Reportedly this issue affects the 'MDSYS.MD2.SDO_CODE_SIZE' procedure. An attacker can supply excessive data to an affected routine resulting in overflowing a destination buffer. This issue can be leveraged to execute arbitrary code and gain 'SYSDBA' privileges. It is conjectured that authentication is required to carry out an attack. This BID will be updated when more information is available.