DB: Oracle Database Server LpxFSMSax QName Stack Buffer Overflow

A stack buffer overflow vulnerability has been reported in Oracle Database Server. The vulnerability is due to insufficient validation of the XML element tag name when a malicious QNAME in a PL/SQL query is encountered. A remote authenticated attacker could exploit this vulnerability by sending a malicious SELECT query to the server. Successful exploitation can allow an attacker to execute arbitrary code on the target system.

Extended Description

Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

Affected Products

Oracle database_server

Short Name: DB:ORACLE:SYS:LPXFSMSAX-NAME-BO
Severity: Major
Recommended: False
Recommended Action: Drop
Category: DB
Keywords: Buffer CVE-2013-3751 Database LpxFSMSax Oracle Overflow QName Server Stack
Release Date: 07/31/2014
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3375
False Positive: Unknown
Vendors

Oracle

CVSS Score

9.0
