Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 DB:ORACLE:SYS:LPXFSMSAX-NAME-BO

Severity

 High

Recommended

 Yes

Recommended Action

 Drop

Category

 DB

Keywords

 Oracle Database Server LpxFSMSax QName Stack Buffer Overflow

Release Date

 2014/07/31

Update Number

 2404

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

DB: Oracle Database Server LpxFSMSax QName Stack Buffer Overflow


A stack buffer overflow vulnerability has been reported in Oracle Database Server. The vulnerability is due to insufficient validation of the XML element tag name when a malicious QNAME in a PL/SQL query is encountered. A remote authenticated attacker could exploit this vulnerability by sending a malicious SELECT query to the server. Successful exploitation can allow an attacker to execute arbitrary code on the target system.

Extended Description

Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2 and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

Affected Products

  • oracle database_server 11.2.0.2
  • oracle database_server 11.2.0.3

References

  • CVE: CVE-2013-3751
  • URL: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out