Title: Oracle OTRCREP Oracle Home Environment Variable Buffer Overflow Vulnerability
Severity: MODERATE
Description:
Oracle is an Enterprise level SQL database, supporting numerous features and options. It is distributed and maintained by Oracle Corporation.
A problem in otrcrep has been discovered that can allow a local user to gain elevated privileges. The problem is in the handling of the $ORACLE_HOME environment variable by otrcrep.
When executed, the otrcrep program checks the environment for the existance of the $ORACLE_HOME variable, from which it loads various dependencies for operation.
Upon filling the $ORACLE_HOME environment variable with 300 bytes, a buffer overflow in otrcrep occurs. Since otrcrep is installed with the Oracle suite as an SUID oracle and SGID dba program, this buffer overflow may be used to overwrite stack variables, including the return address, and execute code with owner oracle group dba privileges.
This vulnerability may be exploited by any user on the system.
Affected Products:
- Oracle Oracle8 8.0.5
- Oracle Oracle8 8.0.6
- Oracle Oracle8i Standard Edition 8.1.5
- Oracle Oracle8i Standard Edition 8.1.6
- Oracle Oracle8i Standard Edition 8.1.7
- Oracle Oracle9i Standard Edition 9.0.1
References:
- Oracle: Oracle Security Alert #19
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
