Reported April 30, 2003, by NGSSoftware



VERSIONS AFFECTED

Oracle Database Link Buffer Overflow in Oracle9i Release 1 and 2; Oracle 8i, all releases; Oracle 8, all releases; and Oracle 7.3.x

DESCRIPTION

The Oracle database server contains a buffer-overflow condition. To exploit the condition, a malicious user can supply an overly long connect string as the USING parameter of a CREATE DATABASE LINK statement.

DEMONSTRATION

A database link must first be created with a long connect string:

CREATE DATABASE LINK ngss
CONNECT TO hr
IDENTIFIED BY hr
USING 'longstring'


Then a query must select through the database link; the overflow is triggered when the select runs:


select * from table@ngss


VENDOR RESPONSE

Oracle has released a patch to correct the problem.
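
The following review queries are an added example, not part of the original advisory or Oracle's patch guidance. They show who is able to run CREATE DATABASE LINK and whether any existing link carries an unusually long connect string; the 255-character threshold is an assumed review value, not a figure from the advisory.

```sql
-- Added example: defensive review, run as a DBA.
-- Uses the standard dictionary views DBA_SYS_PRIVS, DBA_ROLE_PRIVS
-- and DBA_DB_LINKS. Old-style joins are used so the queries also
-- run on the older releases listed under VERSIONS AFFECTED.

-- 1. Accounts and roles granted the privilege directly.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege IN ('CREATE DATABASE LINK',
                     'CREATE PUBLIC DATABASE LINK')
ORDER  BY grantee, privilege;

-- 2. Grantees that inherit the privilege through a role
--    (one level of role nesting only).
SELECT rp.grantee, rp.granted_role, sp.privilege
FROM   dba_role_privs rp, dba_sys_privs sp
WHERE  sp.grantee = rp.granted_role
AND    sp.privilege IN ('CREATE DATABASE LINK',
                        'CREATE PUBLIC DATABASE LINK')
ORDER  BY rp.grantee;

-- 3. Existing links whose connect string (the USING value, stored
--    in HOST) is longer than the assumed review threshold.
SELECT owner, db_link, username,
       LENGTH(host) AS connect_len, created
FROM   dba_db_links
WHERE  LENGTH(host) > 255          -- assumed threshold
ORDER  BY connect_len DESC;

-- 4. Record future CREATE/DROP DATABASE LINK statements
--    (takes effect only when the audit trail is enabled).
AUDIT DATABASE LINK;
```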

CREDIT

Discovered by NGSSoftware