1. CVE-Search
  2. CVE-2004-1363
ID CVE-2004-1363
Summary Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:9.0.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:9.0.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:9.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:9.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:9.2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:9.2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:10.1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:10.1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:9.2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:9.2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:9.0.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:9.0.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:collaboration_suite:-:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:collaboration_suite:-:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 02-02-2024 - 14:01)
Impact:
Exploitability:
CWE CWE-131
CAPEC
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 10871
bugtraq 20041223 Oracle extproc buffer overflow (#NISR23122004A)
cert TA04-245A
cert-vn VU#316206
confirm http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
misc http://www.ngssoftware.com/advisories/oracle23122004.txt
sunalert 101782
xf oracle-extproc-library-bo(18659)
saint via4
  • bid 10871
    description Oracle MD2 component SDO_CODE_SIZE buffer overflow
    id database_oracle_version
    osvdb 9867
    title oracle_md2_code_size
    type remote
  • bid 10871
    description Oracle Database string conversion buffer overflow
    id database_oracle_version
    osvdb 9890
    title oracle_string_conversion
    type remote
Last major update 02-02-2024 - 14:01
Published 04-08-2004 - 04:00
Last modified 02-02-2024 - 14:01
Back to Top