From: NGSSoftware Insight Security Research (nisrngssoftware.com)
Date: Wed Jun 12 2002 - 09:10:12 CDT
NGSSoftware Insight Security Research Advisory
Name: Oracle 9iAS Reports Server
Severity: High Risk
Category: Remote Buffer Overrun Vulnerability
Vendor URL: http://www.oracle.com/
Author: David Litchfield (davidngssoftware.com)
Advisory URL: http://www.ngssoftware.com/advisories/orarep.txt
Date: 12th June 2002
Advisory number: #NISR12062002B
(VNA Reference: http://www.nextgenss.com/vna/ora-reports.txt )
Oracle's Report Server contains a remotely exploitable buffer overrun
vulnerability in one of its CGI-based programs.

By supplying an overly long database name parameter to the rwcgi60 program
with the setauth method, a remote attacker can overwrite a saved return
address on the stack, gaining control over the process's execution.

Any exploit code supplied by the attacker will run in the security context
of the account the web server is running as. Normally, on platforms running a
Unix variant, the account has limited privileges; however, on Windows-based
systems the web server, by default, runs in the context of the local SYSTEM

NGSSoftware alerted Oracle to this problem on December the 17th 2001 and
Oracle have now released patches which are available from the Metalink site.
The patch number is 2356680.
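
For sites that need to review web server logs while the patch is rolled out, the following is an added example, not part of the NGSSoftware advisory or any Oracle tooling: it flags rwcgi60 setauth requests that carry an unusually long path segment or parameter. The log format (Common Log Format), the URL layout, the parameter name "db" and the 256-character threshold are assumptions made for the illustration; the advisory does not give them.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: no legitimate name or value is longer than this; tune per site.
MAX_TOKEN_LEN = 256

# Request line inside a Common/Combined Log Format entry.
# POST bodies are not logged, so only data carried in the URL is visible here.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag_request(line):
    """Return the longest token length if the line is an rwcgi60 setauth
    request carrying an over-long path segment or parameter, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = m.group(1)
    try:
        parts = urlsplit(target)
    except ValueError:              # malformed request target
        return None
    if "rwcgi60" not in parts.path.lower() or "setauth" not in target.lower():
        return None
    # Measure every path segment, parameter name and (decoded) value.
    tokens = parts.path.split("/")
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        tokens += [key, value]
    longest = max(len(t) for t in tokens)
    return longest if longest > MAX_TOKEN_LEN else None

def scan(lines):
    """Return [(line_number, longest_token_length)] for flagged lines."""
    hits = []
    for number, line in enumerate(lines, start=1):
        longest = flag_request(line)
        if longest is not None:
            hits.append((number, longest))
    return hits

# Constructed sample log lines; addresses, paths and "db" are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jun/2002:09:10:12 -0500] "GET /cgi-bin/rwcgi60/setauth?db=orcl HTTP/1.0" 200 512',
    '192.0.2.77 - - [12/Jun/2002:09:11:40 -0500] "GET /cgi-bin/rwcgi60/setauth?db=' + "A" * 600 + ' HTTP/1.0" 500 0',
    '192.0.2.10 - - [12/Jun/2002:09:12:03 -0500] "GET /index.html?q=' + "B" * 600 + ' HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for number, longest in scan(SAMPLE_LOG):
        print(f"line {number}: rwcgi60 setauth request with {longest}-character token")
```

A hit is a reason to inspect the host and confirm the patch is applied, not proof of compromise; the same length limit can be enforced at a reverse proxy in front of the Reports Server.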