Oracle XDB component PITRIG_TRUNCATE buffer overflow

Added: 02/01/2008
CVE: CVE-2008-0339
BID: 27229
OSVDB: 40300

Background

The PITRIG_TRUNCATE function is included in the XDB.XDB_PITRIG_PKG package which is included with Oracle Database.

Problem

A buffer overflow vulnerability in the PITRIG_TRUNCATE function allows remote, authenticated attackers to execute arbitrary commands by specifying an OWNER and NAME parameter with a long combined length.

Resolution

Apply the appropriate update referenced in the January 2008 Critical Patch Update.

References

http://www.us-cert.gov/cas/techalerts/TA08-017A.html

Limitations

Exploit works on Oracle Database Server 10g 10.1.0.5 and requires the login and password of an Oracle user with EXECUTE privileges on the XDB.XDB_PITRIG_PKG package.

Platforms

Windows

Back to exploit index