exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

shatter-mdsysmd.txt

shatter-mdsysmd.txt
Posted Jul 19, 2007
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Alert - The Oracle Database Server provides the MDSYS.MD package that is used in the Oracle Spatial component. These packages contain many public procedures that are vulnerable to buffer overflow and denial of service attacks.

tags | advisory, denial of service, overflow
advisories | CVE-2007-0272
SHA-256 | b7f6615f0debbfe75e060b13acd0cdd0900a209be592fb4d5cb17d1cc4a86b48

shatter-mdsysmd.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Team SHATTER Security Alert (Update)

Oracle Database Buffer overflows and Denial of service vulnerabilities
in public procedures of MDSYS.MD (DB12)
Jan 18, 2007 (Updated July 18th, 2007)

Risk Level: High

Affected versions:
Oracle Database Server versions 8i, 9i and 10gR1

Remote exploitable: Yes (Authentication to Database Server is needed)

Credits:
This vulnerability was discovered and researched by Esteban Martínez
Fayó of Application Security Inc.

CVE:
CVE-2007-0272

Details:
Oracle Database Server provides the MDSYS.MD package that is used in the
Oracle Spatial component. These packages contain many public procedures
that are vulnerable to buffer overflow and denial of service attacks.

Impact:
By default MDSYS.MD has EXECUTE permission to PUBLIC so any Oracle
database user can exploit this vulnerability. Exploitation of this
vulnerability allows an attacker to execute arbitrary code. It can also
be exploited to cause DOS (Denial of service) killing Oracle server
process.

Vendor Status:
Vendor was contacted and a patch was released.

Workaround:
Restrict access to the MDSYS.MD package.

Fix:
Apply Oracle Critical Patch Update July 2007 available at Oracle Metalink.

Links:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html
http://www.appsecinc.com/resources/alerts/oracle/2007-05.shtml


- --
_____________________________________________
Application Security, Inc.
www.appsecinc.com
AppSecInc is the leading provider of database security solutions for the
enterprise. AppSecInc products proactively secure enterprise
applications at more than 300 organizations around the world by
discovering, assessing, and protecting the database against rapidly
changing security threats. By securing data at its source, we enable
organizations to more confidently extend their business with customers,
partners and suppliers. Our security experts, combined with our strong
support team, deliver up-to-date application safeguards that minimize
risk and eliminate its impact on business.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFGnosV9EOAcmTuFN0RAtcqAKC1Gg1gLCxCPgrOGlscSvbOkNBBIgCgmRBe
8oGGrQAOboXDAecdBkEFr0M=
=smqS
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close