Oracle Reports Server Buffer Overflow (#NISR12062002B)
From: "NGSSoftware Insight Security Research" <nisr () ngssoftware com>
Date: Wed, 12 Jun 2002 15:09:22 +0100
NGSSoftware Insight Security Research Advisory
Name: Oracle 9iAS Reports Server
Severity: High Risk
Category: Remote Buffer Overrun Vulnerability
Vendor URL: http://www.oracle.com/
Author: David Litchfield (david () ngssoftware com)
Advisory URL: http://www.ngssoftware.com/advisories/orarep.txt
Date: 12th June 2002
Advisory number: #NISR12062002B
(VNA Reference: http://www.nextgenss.com/vna/ora-reports.txt )

Oracle's Report Server contains a remotely exploitable buffer overrun
vulnerability in one of its CGI-based programs.

By supplying an overly long database name parameter to the rwcgi60 program
with the setauth method, a remote attacker can overwrite a saved return
address on the stack, gaining control over the process's execution.

Any exploit code supplied by the attacker will run in the security context
of the account the web server is running as. Normally, on platforms running a
Unix variant, the account has limited privileges; however, on Windows-based
systems the web server, by default, runs in the context of the local SYSTEM

NGSSoftware alerted Oracle to this problem on December the 17th 2001 and
Oracle have now released patches which are available from the Metalink site.
The patch number is 2356680.
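
Added example, not part of the NGSSoftware advisory: a defender-side check that scans web server access logs (Common Log Format assumed) for requests to rwcgi60 with setauth that carry an oversized parameter. The 256-byte threshold, the path prefix and the parameter name "db" in the sample lines are assumptions; the advisory gives none of them.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: no legitimate parameter name or value exceeds this; tune per site.
MAX_PARAM_LEN = 256

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})')


def suspicious_rwcgi60_requests(lines, max_len=MAX_PARAM_LEN):
    """Return (client, status, param, length) for oversized setauth parameters."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable CLF entry
        client, _method, target, status = m.groups()
        lowered = target.lower()
        # Only the program and method named in the advisory are of interest.
        if "rwcgi60" not in lowered or "setauth" not in lowered:
            continue
        query = urlsplit(target).query
        # Lengths are measured after percent-decoding, as the CGI would see them.
        for name, value in parse_qsl(query, keep_blank_values=True):
            longest = max(len(name), len(value))
            if longest > max_len:
                hits.append((client, int(status), name[:32], longest))
    return hits


# Constructed sample log lines. The path prefix and the parameter name "db"
# are hypothetical; only "rwcgi60" and "setauth" come from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jun/2002:15:09:22 +0100] '
    '"GET /cgi-bin/rwcgi60/setauth?db=ORCL HTTP/1.0" 200 512',
    '192.0.2.99 - - [12/Jun/2002:15:10:01 +0100] '
    '"GET /cgi-bin/rwcgi60/setauth?db=' + "A" * 600 + ' HTTP/1.0" 500 0',
    '192.0.2.10 - - [12/Jun/2002:15:11:40 +0100] '
    '"GET /index.html?q=' + "B" * 600 + ' HTTP/1.0" 200 90',
]

if __name__ == "__main__":
    for hit in suspicious_rwcgi60_requests(SAMPLE_LOG):
        print(hit)
```

Access logs record only the request line, so a parameter sent in a POST body would not be seen by this check.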