DB: Oracle sys.pbsde.init Procedure Buffer Overflow

This signature detects attempts to exploit a known vulnerability against Oracle database servers. An over-long parameter sent to the sys.pbsde.init procedure can allow code to be injected into the server's memory. The injected code is executed with the privileges of the user "System" on Windows-based platforms and the user "Oracle" on Unix-based platforms. An unsuccessful attack can terminate the application and create a denial-of-service condition on the database server.

Extended Description

Various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, and Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne are affected by multiple vulnerabilities. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Oracle has released a Critical Patch Update advisory for October 2005 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well. Specific details regarding these vulnerabilities are not currently available. This record will be updated and split into individual BIDs for each issue as further information is disclosed.

Affected Products

Oracle oracle9i_personal_edition

Short Name
DB:ORACLE:SYS:PBSDE-INIT-OF
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
DB
Keywords
Buffer CVE-2005-0873 CVE-2005-3438 Oracle Overflow Procedure bid:15134 sys.pbsde.init
Release Date
12/19/2005
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3727
False Positive
Unknown
Vendors

Oracle

Hp

Peoplesoft

CVSS Score

10.0

4.3
