A buffer overflow vulnerability in Oracle Reports Server 6i could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Reports Server process.
Oracle Reports Server is a component of Oracle Application Server that handles client requests for reports from multiple data sources. Oracle Reports Server is capable of accepting requests and delivering reports over the web using a Reports Web Cartridge (RWCGI60). RWCGI60 is a CGI program that translates and delivers information between the Oracle HTTP Server and the Oracle Reports Server. According to a report by NGSSoftware, RWCGI60 is vulnerable to a buffer overflow via an HTTP request containing a specially crafted database name parameter.
According to Oracle Security Alert #35, Oracle Reports Server 126.96.36.199.0 and earlier are vulnerable, and Oracle9i Application Server 1.0.x includes a vulnerable version of Oracle Reports Server.
An unauthenticated, remote attacker could execute arbitrary code or cause a denial of service on a vulnerable system. By default, the Oracle Reports stand-alone server runs as SYSTEM on Windows NT and Windows 2000 systems.
The CERT/CC thanks David Litchfield of NGSSoftware for information used in this document.
This document was written by Art Manion.
|Date First Published:||2002-06-04|
|Date Last Updated:||2002-11-15 21:57 UTC|