SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#999268

Oracle Client Tools buffer overflow vulnerability

Overview

A buffer overflow in an unspecified Oracle Client utility may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

I. Description

According to Oracle:

    One vulnerability (DBC02) is in a utility that can be forced to terminate if given long arguments, potentially allowing code of an attacker's choice to be executed. However, this utility is not installed with setuid (elevated) privileges, so the risk that it can be effectively exploited is very low.

Based on research into public information, we believe that this issue is a buffer overflow in an unspecified Oracle Client utility. However, there is not sufficient information to authoritatively relate Oracle vulnerability information to information provided by other parties.

II. Impact

An attacker may be able to execute arbitrary code or cause a denial-of-service condition.

III. Solution

Apply patches

This issue is corrected in the Oracle Critical Patch Update for January 2006.

Systems Affected

VendorStatusDate NotifiedDate Updated
Oracle CorporationVulnerable20-Jan-2006

References

http://www.us-cert.gov/cas/techalerts/TA06-018A.html
http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0255.html
http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html
http://www.securityfocus.com/bid/16287
http://secunia.com/advisories/18493

Credit

This vulnerability was reported by Oracle and Joxean Koret.

This document was written by Jeff Gennari.

Other Information

Date Public:2006-01-17
Date First Published:2006-01-20
Date Last Updated:2006-01-20
CERT Advisory: 
CVE-ID(s):CVE-2006-0283
NVD-ID(s):CVE-2006-0283
US-CERT Technical Alerts: 
Metric:5.91
Document Revision:22

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader