Oracle Database Buffer Overflows and Oracle Applications

Integrigy Security Advisory

______________________________________________________________________

Oracle Database Buffer Overflows and Oracle Applications

February 12, 2003

______________________________________________________________________

Summary:

Several buffer overflows have been discovered in the Oracle database.  These buffer overflows can be exploited from within the Oracle E-Business Suite.  All Oracle E-Business Suite implementations should apply the patches described in Oracle Security Alerts 48, 49, 50, and 51.

Product:    Oracle E-Business Suite

Versions:   All versions

Platforms:  All platforms

Risk Level: High

Product:    Oracle Database

Versions:   9.2.0.2, 9.0.1.4, 8.1.7.4

______________________________________________________________________

Description:

Buffer overflows have been discovered in the Oracle database and standard database functions.  These buffer overflows can be exploited by an attacker to execute code on the database server.  An attacker does not need to be authenticated by the database or have a valid session.

The affected versions of the database are the currently certified versions for the Oracle E-Business Suite.

Solution:

Apply patches as described in Security Alerts 48, 49, 50, and 51.  Please note that each alert is a different patch and some alerts only apply to certain versions of the Oracle Database.

Appropriate testing and backups should be performed before applying any patches.

Additional Information:

Oracle Security Alert #48 - http://technet.oracle.com/deploy/security/pdf/2003alert48.pdf

Oracle Security Alert #49 - http://technet.oracle.com/deploy/security/pdf/2003alert49.pdf

Oracle Security Alert #50 - http://technet.oracle.com/deploy/security/pdf/2003alert50.pdf

Oracle Security Alert #51 - http://technet.oracle.com/deploy/security/pdf/2003alert51.pdf

______________________________________________________________________

About Integrigy Corporation (www.integrigy.com)

Integrigy Corporation is a leader in application security for large enterprise, mission-critical applications. Our application vulnerability assessment tool, AppSentry, assists companies in securing their largest and most important applications. Integrigy Consulting offers security assessment services for leading ERP and CRM applications.

For more information, visit www.integrigy.com.