GEN:SID 1:2576
Message ORACLE dbms_repcat.generate_replication_support buffer overflow attempt
Summary This event is generated when an attempt is made to exploit a known
vulnerability in a Oracle database implementation.
Impact Serious. Execution of arbitrary code may be possible. A Denial of
Service (DoS) condition may also be caused.
Detailed Information Oracle databases may use an inbuilt procedure to generate triggers
needed for database replication. The "generate_replication_support"
procedure contains a programming error that may allow an attacker to
execute a buffer overflow attack.

This overflow is triggered by long strings in some parameters for the
procedure.

Oracle servers running on a Windows platform may listen on any arbitrary
port. Change the $ORACLE_PORTS variable in snort.conf to "any" if this
is applicable to the protected network.
Affected Systems Oracle 9i
Attack Scenarios An attacker can supply a long string to either the "package_prefix" or
"procedure_prefix" variables to cause the overflow. The result could
permit the attacker to gain escalated privileges and run code of their
choosing.
Ease of Attack Simple.
Corrective Action Ensure the system is using an up to date version of the software and has
had all vendor supplied patches applied.
Additional References Application Security Inc.
https://www.appsecinc.com/Policy/PolicyCheck93.html
Rule References url: www.appsecinc.com/Policy/PolicyCheck93.html