VID: 16116
Severity: 40
Port: 2100
Protocol: TCP
Class: FTP
Detailed Description: The FTP server of Oracle 9i Database, according to its banner, has buffer overflow vulnerabilities in the XDB. Oracle9i Database Server Release 2 is vulnerable to multiple stack-based buffer overflows in the authorization code of the Oracle 9i XML Database (XDB) services. The Oracle XDB can be accessed via an HTTP based service on TCP port 8080 or an FTP based service on TCP port 2100. An overlong username or password results in a stack-based overflow in both the HTTP and FTP services. In addition, the FTP service is vulnerable to a buffer overflow when overlong arguments are supplied to the FTP "TEST" and "UNLOCK" commands. These vulnerabilities can allow a remote attacker to execute arbitrary code on the system running Oracle XDB with the privileges of the Oracle server process.

* Note: This check relies solely on the banner of the remote FTP server to assess this vulnerability, so the result may be a false positive.
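The banner-based check described above, written out as an added example (this is not the scanner's own check code). It extracts the "Release x.y.z" token from an FTP greeting, flags 9.2.0.x releases below the 9.2.0.4 fix level named under Platforms Affected, and carries the false-positive caveat with every positive result, since a patched 9.2.0.3 install still reports 9.2.0.3 in its banner. The banner format, the host name and the sample greetings are constructed for the example and are not captured from a real system.

```python
import re

# Per Oracle Security Alert #58, 9.2.0.x releases before 9.2.0.4 are affected.
FIXED_VERSION = (9, 2, 0, 4)

# Matches a release token such as "Release 9.2.0.1.0". The surrounding banner
# layout is an assumption; only the "Release x.y.z..." token is relied upon.
RELEASE_RE = re.compile(r"Release\s+(\d+(?:\.\d+)+)")


def parse_release(banner: str):
    """Return the version tuple found in an FTP banner, or None if absent."""
    m = RELEASE_RE.search(banner)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version):
    """True for 9.2.0.x releases below 9.2.0.4, the range the advisory names."""
    if version is None or version[:3] != (9, 2, 0):
        return False
    return version[:4] < FIXED_VERSION


def assess_banner(banner: str) -> dict:
    """Classify a banner; a positive is evidence of the version string only."""
    version = parse_release(banner)
    affected = is_affected(version)
    note = ""
    if affected:
        # A one-off patch on 9.2.0.3 does not change the advertised release,
        # so every banner-based positive needs confirmation against applied patches.
        note = "banner-based result; verify applied patches (possible false positive)"
    return {"version": version, "affected": affected, "note": note}


# Constructed sample banners (hypothetical host name and layout, not real captures).
SAMPLE_BANNERS = [
    "220 dbhost FTP server (Oracle XML DB/Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production) ready.",
    "220 dbhost FTP server (Oracle XML DB/Oracle9i Enterprise Edition Release 9.2.0.4.0 - Production) ready.",
    "220 dbhost FTP server (Oracle XML DB/Oracle Database 10g Release 10.1.0.2.0 - Production) ready.",
    "220 ProFTPD Server ready.",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(assess_banner(banner))
```

The version comparison is done on integer tuples rather than strings so that, for instance, 9.2.0.10 would not sort below 9.2.0.4; the 10g banner and the non-Oracle banner both come back unaffected.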

* References:
http://otn.oracle.com/deploy/security/pdf/2003Alert58.pdf
http://www.blackhat.com/presentations/bh-usa-03/bh-us-03-litchfield-paper.pdf
http://www.frsirt.com/exploits/20051208.oracle9i_xdb_http.pm.php
http://www.symantec.com/avcenter/security/Content/8375.html

* Platforms Affected:
Oracle: Oracle9i Database Server Release 2 (versions 9.2.0.x before 9.2.0.4)
Any operating system, any version
Recommendation: Apply the appropriate patch for your system, as listed in Oracle Security Alert #58 at http://otn.oracle.com/deploy/security/pdf/2003Alert58.pdf. Note that patches are only available for Oracle 9i Database 9.2.0.3 releases.

-- OR --

If it is not required, disable the Oracle HTTP/FTP services in affected products.

As a temporary workaround to mitigate risk, you may want to block access to the Oracle XDB ports 8080/tcp and 2100/tcp from the internet.
Related URL: CVE-2003-0727 (CVE)
Related URL: 8375 (SecurityFocus)
Related URL: 12949 (ISS)