CERT Advisory CA-2001-16
Chris Janicki
Janicki at ia-inc.com
Tue Jul 3 21:11:20 EDT 2001
Rookie question: How is it possible for a buffer overflow to allow
access? Does the overflow automatically provide a shell? Or does it put
the process in some debugging mode with remote privileges?
>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 7/3/01, 4:15:50 PM, BayBrianA at aol.com wrote regarding CERT Advisory
CA-2001-16:
> -----BEGIN PGP SIGNED MESSAGE-----
> CERT Advisory CA-2001-16 Oracle 8i contains buffer overflow in TNS
listener
> Original release date: July 03, 2001
> Last revised: --
> Source: CERT/CC
> A complete revision history is at the end of this file.
> Systems Affected
> * Systems running Oracle 8i
> Overview
> A vulnerability in Oracle 8i allows remote intruders to assume
control
> of database servers running on victim machines. If the Oracle server
> is running on a Windows system, an intruder may also be able to gain
> contol of the underlying operating system.
> I. Description
> The COVERT labs at PGP Security have discovered a buffer overflow
> vulnerability in Oracle 8i that allows intruders to execute arbitrary
> code with the privileges of the TNS listener process. The
> vulnerability occurs in a section of code that is executed prior to
> authentication, so an intruder does not require a username or
> password.
> For more information, see the COVERT Labs Security Advisory,
available
> at
> http://www.pgp.com/research/covert/advisories/050.asp
> II. Impact
> An intruder who exploits the vulnerability can remotely execute
> arbitrary code. On UNIX systems, this code runs as the 'oracle' user.
> If running on Windows systems, the intruder's code will run in the
> Local System security context.
> In either case, the attacker can gain control of the database server
> on the victim machine. On Windows systems, the intruder can also gain
> administrative control of the operating system.
> III. Solutions
> Install a patch from Oracle. More information is available in
> Appendix A.
> Appendix A
> Oracle
> Oracle has issued an alert for this vulnerability at
> http://otn.oracle.com/deploy/security/pdf/nai_net8_bof.pdf
> Oracle has fixed this potential security vulnerability in the
Oracle9i
> database server. Oracle is in the process of backporting the fix to
> supported Oracle8i database server Releases 8.1.7 and 8.1.6 and
> Oracle8 Release 8.0.6 on all platforms. The Oracle bug number for the
> patch is 1489683.
> Download the patch for your platform from Oracle's Worldwide Support
> web site, Metalink:
> http://metalink.oracle.com
> Please check Metalink periodically for patch availability if the
patch
> for your platform is not yet available.
> _________________________________________________________________
> Our thanks to COVERT Labs at PGP Security for the information
> contained in their advisory.
> _________________________________________________________________
> This document was written by Shawn V. Hernan. If you have feedback
> concerning this document, please send email to:
>
mailto:cert at cert.org?Subject=[VU#620495]%20Feedback%20CA-2001-16
> Copyright 2001 Carnegie Mellon University.
> Revision History
> July 03, 2001: Initial Release
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 5.0i for non-commercial use
> Charset: noconv
> iQCVAwUBO0I28QYcfu8gsZJZAQF1AQP/QvE4AO+I5HP8VXK850g83NlPiFCxlG1K
> 51GjO/KCFqK78DoBK9YWvxGaZiR6xKaxYJbGftcJh1zKwNqiRDIGk1OdeW873uhj
> bR8vjobFMzNSZU5y9gXPa9YQWdEg1KozQH1VuNsBxRnmHu6Yi3WANbmZXYcRck2x
> lhP8noPes/Q=
> =nVFt
> -----END PGP SIGNATURE-----
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
More information about the Discuss
mailing list