HTTP: Oracle 10g iSQLPLus Service Heap Overflow

This signature detects attempts to exploit a known vulnerability in the Oracle 10g iSQLPLus Service. A successful attack can lead to arbitrary code execution.

Extended Description

Oracle Database is reported prone to a buffer overflow vulnerability. Reportedly, this issue affects the 'MDSYS.MD2.SDO_CODE_SIZE' procedure. An attacker can supply excessive data to an affected routine, overflowing a destination buffer. This issue can be leveraged to execute arbitrary code and gain 'SYSDBA' privileges. It is conjectured that authentication is required to carry out an attack. This BID will be updated when more information is available.

Affected Products

Oracle oracle10g_application_server

Short Name: HTTP:ORACLE:ISQLPLUS-OF
Severity: Critical
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: 10g CVE-2004-1774 Heap Oracle Overflow Service bid:13145 iSQLPLus
Release Date: 09/08/2004
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version: 3336
False Positive: Unknown
Vendors

Oracle

CVSS Score

7.2
