• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Oracle Database Server Oracle Binary Local Buffer Overflow Vulnerability

Oracle Database Server 'oracle' binary has been reported prone to a local buffer overflow vulnerability.

The issue likely presents itself due to a lack of sufficient boundary checks performed on command line arguments passed to the affected binary. It has been reported that a local attacker may overflow the bounds of an insufficient reserved buffer in oracle process memory. Ultimately this condition could be leveraged by the attacker to trigger the execution of arbitrary instructions in the context of the vulnerable binary, which has been reported to be setuid Oracle user.