Oracle Database Advanced Replication component DBMS_SNAP_INTERNAL overflow
Added: 04/25/2007CVE: CVE-2007-2116
BID: 23532
OSVDB: 39933
Background
Package DBMS_SNAP_INTERNAL of schema SYS is an Advanced Replication component used internally by Oracle Database.Problem
A buffer overflow vulnerability in DBMS_SNAP_INTERNAL allows remote attackers to execute arbitrary commands.Resolution
Apply the Oracle Critical Patch Update for April 2007.References
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.htmlLimitations
Exploit works on Oracle Database 10g 10.1.0.4 and requires the login and password of a valid database user with EXECUTE permission on package DBMS_SNAP_INTERNAL. (The default "scott" account does not have permission.)Platforms
WindowsBack to exploit index