Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2576 |
| Message | ORACLE dbms_repcat.generate_replication_support buffer overflow attempt |
| Summary | This event is generated when an attempt is made to exploit a known vulnerability in a Oracle database implementation. |
| Impact | Serious. Execution of arbitrary code may be possible. A Denial of Service (DoS) condition may also be caused. |
| Detailed Information | Oracle databases may use an inbuilt procedure to generate triggers needed for database replication. The "generate_replication_support" procedure contains a programming error that may allow an attacker to execute a buffer overflow attack. This overflow is triggered by long strings in some parameters for the procedure. Oracle servers running on a Windows platform may listen on any arbitrary port. Change the $ORACLE_PORTS variable in snort.conf to "any" if this is applicable to the protected network. |
| Affected Systems | Oracle 9i |
| Attack Scenarios | An attacker can supply a long string to either the "package_prefix" or "procedure_prefix" variables to cause the overflow. The result could permit the attacker to gain escalated privileges and run code of their choosing. |
| Ease of Attack | Simple. |
| Corrective Action | Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied. |
| Additional References | Application Security Inc. https://www.appsecinc.com/Policy/PolicyCheck93.html |
| Rule References | url: www.appsecinc.com/Policy/PolicyCheck93.html |
--
DID:785139
--
http://www.aanval.com/