Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2650 |
| Message | ORACLE user name buffer overflow attempt |
| Summary | This event is generated when an attempt is made to exploit a known vulnerability in a Oracle database implementation. |
| Impact | Serious. Execution of arbitrary code may be possible. A Denial of Service (DoS) condition may also be caused. |
| Detailed Information | An attacker can attempt to connect to a database using an overly long user name value. This can cause a buffer overflow, allowing an attacker to execute arbitrary code. If you are running Oracle on a Windows server, make sure that the variable $ORACLE_PORTS is set to a value of "any". |
| Affected Systems | Oracle8, Oracle8i, and Oracle9i |
| Attack Scenarios | An attacker can attempt to connect to a database supplying the user an overly long value. The result could permit the attacker to gain escalated privileges and run code of their choosing. |
| Ease of Attack | Simple. |
| Corrective Action | Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied. |
| Additional References | Other: http://www.appsecinc.com/Policy/PolicyCheck62.html |
| Rule References | url: www.appsecinc.com/Policy/PolicyCheck62.html |
--
DID:466584
--
http://www.aanval.com/