Oracle MD2 component SDO_CODE_SIZE buffer overflow

Added: 12/18/2006
CVE: CVE-2004-1774
BID: 10871
OSVDB: 9867

Background

Oracle Database is a relational database solution available for multiple platforms.

Problem

A buffer overflow in the SDO_CODE_SIZE function in the MD2 component of Oracle Database allows remote attackers to execute arbitrary commands.

Resolution

Apply the update referenced in Oracle Alert #68.

References

http://www.kb.cert.org/vuls/id/316206
http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0041.html

Limitations

Exploit works on Oracle Database 10g 10.1.0.2 and requires the login and password of a valid database user.

Platforms

Windows

Back to exploit index