| VID |
22140 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Oracle iSQL*Plus is vulnerable to a buffer overflow attack by long user ID.
Oracle iSQL*Plus is a web based application that allows users to query the database. It is installed with Oracle 9 database server and runs on top of Apache web server.
The iSQL*Plus web application requires users to log in. After accessing the default url, "/isqlplus" a user is presented with a log in screen. By sending the web server an overly long user ID parameter, an internal buffer is overflow on the stack and the saved return address is overwritten. This can allow an attacker to run arbitrary code in the security context of the web server. On most systems this will be the "oracle" user and on Windows the "SYSTEM" user. Once the web server has been compromised attackers may then use it as a staging platform to launch attacks against the database server itself.
* Platforms Affected:
Oracle Database 9i R1,2 on all operating systems
* References:
http://www.securiteam.com/securitynews/6H0041F60I.html
http://online.securityfocus.com/archive/1/298439
http://www.ngssoftware.com/advisories/ora-isqlplus.txt |
| Recommendation |
The Oracle bug number assigned to this issue is 2581911. Patches can be downloaded from the Oracle Metalink site http://metalink.oracle.com/ |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
