CERTA-2003-AVI-122

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans l'exécutable EXTPROC d'Oracle Database.

Description

Une vulnérabilité de type débordement de mémoire a été découverte dans l'exécutable EXTPROC d'Oracle Database. Un utilisateur authentifié à la base et possédant les privilèges CREATE LIBRARY ou CREATE ANY LIBRARY peut exploiter cette vulnérabilité afin d'exécuter du code arbitraire sur le serveur.

Solution

Appliquer le correctif fourni par Oracle suivant la version affectée (cf. Documentation).

None
Impacted products
Vendor Product Description
Oracle Database Server Oracle 8i.
Oracle Database Server Oracle 9i Release 1 et 2 ;
References
Alerte de sécurité #57 d'Oracle None vendor-advisory

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle 8i.",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle 9i Release 1 et 2 ;",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire a \u00e9t\u00e9 d\u00e9couverte dans\nl\u0027ex\u00e9cutable EXTPROC d\u0027Oracle Database. Un utilisateur authentifi\u00e9 \u00e0 la\nbase et poss\u00e9dant les privil\u00e8ges `CREATE LIBRARY` ou\n`CREATE ANY LIBRARY` peut exploiter cette vuln\u00e9rabilit\u00e9 afin d\u0027ex\u00e9cuter\ndu code arbitraire sur le serveur.\n\n## Solution\n\nAppliquer le correctif fourni par Oracle suivant la version affect\u00e9e\n(cf. Documentation).\n",
  "cves": [],
  "links": [],
  "reference": "CERTA-2003-AVI-122",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2003-07-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans l\u0027ex\u00e9cutable EXTPROC d\u0027Oracle\nDatabase.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans EXTPROC d\u0027Oracle Database Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Alerte de s\u00e9curit\u00e9 #57 d\u0027Oracle",
      "url": "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.