Signature Detail

DB: Oracle Database Server XDB PITRIG_DROPMETADATA Procedure Buffer Overflow

There exists a buffer overflow vulnerability in Oracle Database Server product. The vulnerability exists due to insufficient validation of the arguments supplied to procedure PITRIG_DROPMETADATA in XDB.XDB_PITRIG_PKG package. A remote attacker with valid user credentials may leverage this vulnerability to execute arbitrary code within the security context of the affected service. In case the attack is aiming at a denial of service attack, the vulnerable Oracle database server process will terminate, and the database service will no longer be available until it is restarted. It is also possible that the database data will be corrupted during the database server termination. In case the attacker has successfully injected and executed malicious code on the vulnerable target host, the behaviour of the target system is dependent on the malicious code. Note that any code executed by the attacker runs with the privileges of the Oracle database server process. On Windows systems, the Oracle database server process runs as the System user.

Extended Description

Oracle Database Server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. An authenticated attacker can exploit this issue to execute arbitrary code within the context of the database account. Failed exploit attempts will result in a denial of service.

Affected Products

• Oracle Oracle10g Enterprise Edition 10.2.0 .1
• Oracle Oracle10g Enterprise Edition 10.2.0 .2
• Oracle Oracle10g Enterprise Edition 10.2.0 .3
• Oracle Oracle10g Personal Edition 10.2.0 .1
• Oracle Oracle10g Personal Edition 10.2.0 .2
• Oracle Oracle10g Personal Edition 10.2.0 .3
• Oracle Oracle10g Standard Edition 10.2.0.1
• Oracle Oracle10g Standard Edition 10.2.0 .2
• Oracle Oracle10g Standard Edition 10.2.0 .3

References

• BugTraq: 26374
• CVE: CVE-2007-4517