Gain a shell remotely : Oracle timezone overflow

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.12047

Categoría: Gain a shell remotely

Título: Oracle timezone overflow

Resumen: NOSUMMARY

Descripción: Description:

The remote Oracle Database, according to its version number, is vulnerable
to a buffer overflow in the query SET TIME_ZONE.

An attacker with a database account may use this flaw to gain the control
on the whole database, or even to obtain a shell on this host.

Solution : Upgrade to Oracle 9.2.0.3 - http://metalink.oracle.com
See Also : http://www.nextgenss.com/advisories/ora_time_zone.txt
Risk factor : High

Referencia Cruzada: BugTraq ID: 9587
Common Vulnerability Exposure (CVE) ID: CVE-2003-1208
http://www.securityfocus.com/bid/9587
Bugtraq: 20040205 Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow (Google Search)
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0030.html
CERT/CC vulnerability note: VU#240174
http://www.kb.cert.org/vuls/id/240174
CERT/CC vulnerability note: VU#399806
http://www.kb.cert.org/vuls/id/399806
CERT/CC vulnerability note: VU#819126
http://www.kb.cert.org/vuls/id/819126
CERT/CC vulnerability note: VU#846582
http://www.kb.cert.org/vuls/id/846582
Computer Incident Advisory Center Bulletin: O-093
http://www.ciac.org/ciac/bulletins/o-093.shtml
http://www.nextgenss.com/advisories/ora_from_tz.txt
http://www.nextgenss.com/advisories/ora_numtodsinterval.txt
http://www.nextgenss.com/advisories/ora_numtoyminterval.txt
http://www.nextgenss.com/advisories/ora_time_zone.txt
http://www.osvdb.org/3837
http://www.osvdb.org/3838
http://www.osvdb.org/3839
http://www.osvdb.org/3840
http://secunia.com/advisories/10805
XForce ISS Database: oracle-multiple-function-bo(15060)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15060

Copyright This script is (C) 2004 Tenable Network Security

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.12047
Categoría:	Gain a shell remotely
Título:	Oracle timezone overflow
Resumen:	NOSUMMARY
Descripción:	Description: The remote Oracle Database, according to its version number, is vulnerable to a buffer overflow in the query SET TIME_ZONE. An attacker with a database account may use this flaw to gain the control on the whole database, or even to obtain a shell on this host. Solution : Upgrade to Oracle 9.2.0.3 - http://metalink.oracle.com See Also : http://www.nextgenss.com/advisories/ora_time_zone.txt Risk factor : High
Referencia Cruzada:	BugTraq ID: 9587 Common Vulnerability Exposure (CVE) ID: CVE-2003-1208 http://www.securityfocus.com/bid/9587 Bugtraq: 20040205 Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow (Google Search) http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0030.html CERT/CC vulnerability note: VU#240174 http://www.kb.cert.org/vuls/id/240174 CERT/CC vulnerability note: VU#399806 http://www.kb.cert.org/vuls/id/399806 CERT/CC vulnerability note: VU#819126 http://www.kb.cert.org/vuls/id/819126 CERT/CC vulnerability note: VU#846582 http://www.kb.cert.org/vuls/id/846582 Computer Incident Advisory Center Bulletin: O-093 http://www.ciac.org/ciac/bulletins/o-093.shtml http://www.nextgenss.com/advisories/ora_from_tz.txt http://www.nextgenss.com/advisories/ora_numtodsinterval.txt http://www.nextgenss.com/advisories/ora_numtoyminterval.txt http://www.nextgenss.com/advisories/ora_time_zone.txt http://www.osvdb.org/3837 http://www.osvdb.org/3838 http://www.osvdb.org/3839 http://www.osvdb.org/3840 http://secunia.com/advisories/10805 XForce ISS Database: oracle-multiple-function-bo(15060) https://exchange.xforce.ibmcloud.com/vulnerabilities/15060
Copyright	This script is (C) 2004 Tenable Network Security