Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
- To: Bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
- Subject: Re: Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
- From: security curmudgeon <jericho@xxxxxxxxxxxxx>
- Date: Fri, 20 Feb 2009 03:21:14 +0000 (UTC)
: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART
: Risk Level: High
: Oracle Database Server provides the SYS.OLAPIMPL_T package. This package
: contains the procedure ODCITABLESTART which is vulnerable to buffer
: overflow attacks. Impact: By default SYS.OLAPIMPL_T has EXECUTE
: permission to PUBLIC so any Oracle database user can exploit this
: vulnerability. Exploitation of this vulnerability allows an attacker to
: execute arbitrary code. It can also be exploited to cause DoS (Denial of
: service) killing the Oracle server process.
:
: CVE: CVE-2008-3974
:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html
Oracle:
Confidentiality: None
Integrity: None
Availability: Partial
CVSS: 4.0
That doesn't seem to go with a remote overflow / code execution
vulnerability.