what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New


Posted Apr 30, 2003
Authored by David Litchfield | Site ngssoftware.com

Software Insight Security Research Advisory #NISR29042003 - A classic stack based buffer overflow vulnerability exists in the Oracle database server that can be set up for exploitation by providing an overly long parameter for a connect string with the 'CREATE DATABASE LINK' query.

tags | advisory, overflow
SHA-256 | c3f8b0302120eee28deb89f9e37d6fc46825608d07e31b5127eebc4b72b60651


Change Mirror Download
NGSSoftware Insight Security Research Advisory

Name: Oracle Database Link Buffer Overflow
Systems Affected: All platforms; Oracle9i Database Release 2 and 1, 8i all
releases, 8 all releases, 7.3.x
Severity: High Risk
Vendor URL: http://www.oracle.com
Author: David Litchfield (david@ngssoftware.com)
Date: 29th April 2003
Advisory number: #NISR29042003

Oracle is the leader in the database market with a 54% market share lead
under ERP (Enterprise Resource Planning). The database server is vulnerable
to a remotely exploitable buffer overflow vulnerability. The problem exists
with database links; functionality that allows the querying of one Oracle
database server from another.

A classic stack based buffer overflow vulnerability exists in the Oracle
database server that can be set up for exploitation by providing an overly
long parameter for a connect string with the 'CREATE DATABASE LINK' query:

USING 'longstring'

By default, the 'CREATE DATABASE LINK' privilege is assigned to the CONNECT
role and as most Oracle accounts are assigned membership of this role even
low privileged accounts such as SCOTT and ADAMS can create database links.
By creating a specially crafted database link and then by selecting from the

select * from table@ngss

the overflow can be triggered, overwriting the saved return address on the
stack. This allows an attacker to gain control of the Oracle process' path
of execution and permits the execution of arbitrary, user supplied code. Any
code supplied would run in the security context of the account running the
Oracle database server. On unix based systems this is typically the 'oracle'
user and on Windows the local SYSTEM user. In the former this allows for a
full compromise of the data and in the latter a full compromise of the data
and the operating system.

This is a high risk vulnerability and as such should be patched as soon as
possible, after a suitable period of testing.

Fix Information
NGSSoftware alerted Oracle to this vulnerability on 30th September 2002.
Oracle has reviewed the code and created a patch which is available from:


NGSSoftware advise Oracle database customers to review and install the patch
as a matter of urgency.

A check for this issue already exists in NGSSQuirreL for Oracle, a
comprehensive automated vulnerability assessment tool for Oracle Database
Servers of which more information is available from the NGSSite


It is further recommend that Oracle DBAs have their network/firewall
administrators ensure that the database server is protected from Internet
sourced traffic.

Further Information
For further information about the scope and effects of buffer overflows,
please see


About NGSSoftware
NGSSoftware design, research and develop intelligent, advanced application
security assessment scanners. Based in the United Kingdom, NGSSoftware have
offices in the South of London and the East Coast of Scotland. NGSSoftware's
sister company NGSConsulting, offers best of breed security consulting
services, specialising in application, host and network security


Telephone +44 208 401 0070
Fax +44 208 401 0076


Login or Register to add favorites

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By