DB: Oracle Database DBMS_SNAP_INTERNAL Package Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the Oracle Database Server. It is due to a boundary error within the DBMS_SNAP_INTERNAL package of the product. A remote authenticated attacker can send an overly long input to the affected package and cause a buffer overflow. A successful attack allows arbitrary code injection and execution with the privileges of the server process, usually System/root.
Extended Description
Oracle has released a Critical Patch Update advisory for April 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise.
Affected Products
Oracle peoplesoft_enterprise
Short Name
DB:ORACLE:ORACLE-DSI
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
DB
Keywords
Buffer CVE-2007-2126 CVE-2007-2170 DBMS_SNAP_INTERNAL Database Oracle Overflow Package bid:23532
Release Date
01/28/2008
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3724
False Positive
Unknown
Vendors
Oracle
Hp
Ibm
CVSS Score
10.0
9.4