Signature Detail
Short Name |
HTTP:ORACLE:ISQLPLUS-OF |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle 10g iSQLPLus Service Heap Overflow |
Release Date |
2004/09/08 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Oracle 10g iSQLPLus Service Heap Overflow
This signature detects attempts to exploit a known vulnerability against Oracle 10g iSQLPLus Service. A successful attack can lead to arbitrary code execution.
Extended Description
Oracle Database is reported prone to a buffer overflow vulnerability. Reportedly this issue affects the 'MDSYS.MD2.SDO_CODE_SIZE' procedure. An attacker can supply excessive data to an affected routine resulting in overflowing a destination buffer. This issue can be leveraged to execute arbitrary code and gain 'SYSDBA' privileges. It is conjectured that authentication is required to carry out an attack. This BID will be updated when more information is available.
Affected Products
- Oracle Oracle10g Application Server 10.1.0 .0.2
- Oracle Oracle10g Enterprise Edition 10.1.0 .0.2
- Oracle Oracle10g Personal Edition 10.1.0 .0.2
- Oracle Oracle10g Standard Edition 10.1.0 .0.2
References