CERTA-2003-AVI-122
Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans l'exécutable EXTPROC d'Oracle Database.

Description

Une vulnérabilité de type débordement de mémoire a été découverte dans l'exécutable EXTPROC d'Oracle Database. Un utilisateur authentifié à la base et possédant les privilèges CREATE LIBRARY ou CREATE ANY LIBRARY peut exploiter cette vulnérabilité afin d'exécuter du code arbitraire sur le serveur.

Solution

Appliquer le correctif fourni par Oracle suivant la version affectée (cf. Documentation).

None
Impacted products
Vendor Product Description
Oracle Database Server Oracle 8i.
Oracle Database Server Oracle 9i Release 1 et 2 ;
References
Alerte de sécurité #57 d'Oracle None vendor-advisory

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle 8i.",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle 9i Release 1 et 2 ;",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire a \u00e9t\u00e9 d\u00e9couverte dans\nl\u0027ex\u00e9cutable EXTPROC d\u0027Oracle Database. Un utilisateur authentifi\u00e9 \u00e0 la\nbase et poss\u00e9dant les privil\u00e8ges `CREATE LIBRARY` ou\n`CREATE ANY LIBRARY` peut exploiter cette vuln\u00e9rabilit\u00e9 afin d\u0027ex\u00e9cuter\ndu code arbitraire sur le serveur.\n\n## Solution\n\nAppliquer le correctif fourni par Oracle suivant la version affect\u00e9e\n(cf. Documentation).\n",
  "cves": [],
  "initial_release_date": "2003-07-25T00:00:00",
  "last_revision_date": "2003-07-25T00:00:00",
  "links": [],
  "reference": "CERTA-2003-AVI-122",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2003-07-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans l\u0027ex\u00e9cutable EXTPROC d\u0027Oracle\nDatabase.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans EXTPROC d\u0027Oracle Database Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Alerte de s\u00e9curit\u00e9 #57 d\u0027Oracle",
      "url": "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.