GEN:SID | 1:2576 |
Message | ORACLE dbms_repcat.generate_replication_support buffer overflow attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in a Oracle database implementation.
|
Impact | Serious. Execution of arbitrary code may be possible. A Denial of Service (DoS) condition may also be caused.
|
Detailed Information | Oracle databases may use an inbuilt procedure to generate triggers needed for database replication. The "generate_replication_support" procedure contains a programming error that may allow an attacker to execute a buffer overflow attack.
This overflow is triggered by long strings in some parameters for the procedure.
Oracle servers running on a Windows platform may listen on any arbitrary port. Change the $ORACLE_PORTS variable in snort.conf to "any" if this is applicable to the protected network.
|
Affected Systems | Oracle 9i
|
Attack Scenarios | An attacker can supply a long string to either the "package_prefix" or "procedure_prefix" variables to cause the overflow. The result could permit the attacker to gain escalated privileges and run code of their choosing.
|
Ease of Attack | Simple.
|
Corrective Action | Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied.
|
Additional References | Application Security Inc. https://www.appsecinc.com/Policy/PolicyCheck93.html
|
Rule References | url: www.appsecinc.com/Policy/PolicyCheck93.html
|