Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)

Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)

From: <Jared.Still_at_radisys.com>
Date: Tue, 05 Nov 2002 15:14:00 -0800
Message-ID: <F001.004FC586.20021105151400@fatcity.com> 





Alert available at:



http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=216775.1







"NGSSoftware Insight Security Research" <nisr_at_nextgenss.com>
 11/04/2002 09:48 AM

 


        To:     <bugtraq_at_securityfocus.com>, <ntbugtraq_at_listserv.ntbugtraq.com>, 
<vulnwatch_at_vulnwatch.org>

        cc: 
        Subject:        Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)






NGSSoftware Insight Security Research Advisory



Name: Oracle iSQL*Plus buffer overflow


Systems: Oracle Database 9i R1,2 on all operating systems
Severity: High Risk


Vendor URL: http://www.oracle.com/


Author: David Litchfield (david_at_ngssoftware.com)
Advisory URL: http://www.ngssoftware.com/advisories/ora-isqlplus.txt
Date: 4th November 2002


Advisory number: #NISR04112002




Description




Oracle iSQL*Plus is a web based application that allows users to query the
database. It is installed with Oracle 9 database server and runs on top of
apache. The iSQL*Plus module is vulnerable to a classic buffer overflow
vulnerability.




Details




The iSQL*Plus web application requires users to log in. After accessing 
the


default url, "/isqlplus" a user is presented with a log in screen. By
sending the web server an overly long user ID parameter, an internal 
buffer


is overflow on the stack and the saved return address is overwritten. This
can allow an attacker to run arbitrary code in the security context of the
web server. On most systems this will be the "oracle" user and on Windows
the "SYSTEM" user. Once the web server has been compromised attackers may
then use it as a staging platform to launch attacks against the database
server itself.



Fix Information




NGSSoftware alerted Oracle to this problem on the 18th of October and
Oracle, last week, issued an alert. The Oracle bug number assigned to this
issue is 2581911. Patches can be downloaded from the Oracle Metalink site
http://metalink.oracle.com/.





-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: 


  INET: Jared.Still_at_radisys.com


Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------


To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Tue Nov 05 2002 - 17:14:00 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US