Reported April 30, 2003, by NGSSoftware
VERSIONS AFFECTED
Oracle Database Link Buffer Overflow in Oracle9i Release 1 and 2; Oracle 8i, all releases; Oracle 8, all releases; and Oracle 7.3.x
DESCRIPTION
The Oracle database server contains a buffer-overflow condition. To exploit the condition, a malicious user can supply an overly long connect string as a parameter to the CREATE DATABASE LINK statement.
DEMONSTRATION
A database link must first be created:
CREATE DATABASE LINK ngss
CONNECT TO hr
IDENTIFIED BY hr
USING 'longstring'
The link must then be queried; the overflow is triggered when the select runs:
select * from table@ngss
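For review of captured SQL (audit trail or statement logs), the check below flags CREATE DATABASE LINK statements whose USING string is unusually long. It is an added example, not part of the original advisory or of any Oracle or NGSSoftware tooling; the 128-character threshold, the function name and the sample statements are assumptions constructed for illustration.

```python
import re

# Assumption: the advisory states no exact overflow length. 128 characters is
# a constructed review threshold, far longer than an ordinary net service name.
MAX_USING_LEN = 128

# CREATE [SHARED] [PUBLIC] DATABASE LINK <name> ... USING '<string>'
# [^;]*? keeps a match inside one statement, since USING is optional and a
# link created without it must not borrow the USING clause of a later one.
# The quoted literal honours Oracle's '' escape for an embedded quote.
LINK_RE = re.compile(
    r"\bCREATE\s+(?:SHARED\s+)?(?:PUBLIC\s+)?DATABASE\s+LINK\s+"
    r"(?P<name>[\w.$#@]+)[^;]*?\bUSING\s+'(?P<using>(?:[^']|'')*)'",
    re.IGNORECASE,
)


def find_oversized_links(sql_text, max_len=MAX_USING_LEN):
    """Return (link_name, using_length) for every link whose USING string
    is longer than max_len characters."""
    hits = []
    for match in LINK_RE.finditer(sql_text):
        using = match.group("using").replace("''", "'")
        if len(using) > max_len:
            hits.append((match.group("name"), len(using)))
    return hits


# Constructed sample input: one ordinary link, one with a 600-character
# USING string in the shape the advisory describes, one unrelated query.
SAMPLE_AUDIT_SQL = (
    "CREATE DATABASE LINK sales CONNECT TO hr IDENTIFIED BY hr USING 'salesdb';\n"
    "create public database link ngss\n"
    "  connect to hr\n"
    "  identified by hr\n"
    "  using '" + "A" * 600 + "';\n"
    "SELECT * FROM dual;\n"
)

if __name__ == "__main__":
    for name, length in find_oversized_links(SAMPLE_AUDIT_SQL):
        print(f"review link {name}: USING string is {length} characters")
```

A hit is a prompt to check who holds the CREATE DATABASE LINK privilege and whether the vendor patch is applied, not proof of exploitation.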
VENDOR RESPONSE
Oracle has released a patch to correct the problem.
CREDIT
Discovered by NGSSoftware