Home page logo

bugtraq logo Bugtraq mailing list archives

Oracle Reports Server Buffer Overflow (#NISR12062002B)
From: "NGSSoftware Insight Security Research" <nisr () ngssoftware com>
Date: Wed, 12 Jun 2002 15:09:22 +0100

NGSSoftware Insight Security Research Advisory

Name: Oracle 9iAS Reports Server
Systems: All
Severity: High Risk
Category: Remote Buffer Overrun Vulnerability
Vendor URL: http://www.oracle.com/
Author: David Litchfield (david () ngssoftware com)
Advisory URL: http://www.ngssoftware.com/advisories/orarep.txt
Date: 12th June 2002
Advisory number: #NISR12062002B
(VNA Reference: http://www.nextgenss.com/vna/ora-reports.txt )

Oracle's Report Server contains a remotely exploitable buffer overrun
vulnerability in one of its CGI based programs.

By supplying an overly long database name parameter to the rwcgi60 with the
setauth method, a remote attacker can overwrite a saved return address on
the stack, gaining control over the processes execution.

Any exploit code supplied by the attacker will run in the security context
of account the web server is running as. Normally on platforms running a
unix variant the account has limited privileges; However, on Windows based
system the web server, by default, runs in the context of the local SYSTEM

Fix Information
NGSSoftware alerted Oracle to this problem on December the 17th 2001 and
Oracle have now released patches which are available from the Metalink site.
The patch number is 2356680.

  By Date           By Thread  

Current thread:
  • Oracle Reports Server Buffer Overflow (#NISR12062002B) NGSSoftware Insight Security Research (Jun 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]