Security researchers have identified a dangerous new vulnerability in several recent releases of Oracle Corp.s flagship database software. The vulnerability puts not only the information in the database at risk, but in some cases, also can lead to a compromise of the operating system.
The vulnerability, which is the result of an unchecked buffer, is in the service that enables users to create links between two Oracle databases. By default, virtually every user with an Oracle account is able to perform the "create database link" task, as that privilege is assigned to the "connect" role, which includes most Oracle accounts.
In order to exploit the flaw, an attacker would need to send an overly long parameter with the connect string with a query to create a database link. This would trigger the stack buffer overflow, which would in turn overwrite the saved return address on the stack. This would give the attacker the ability to run any code he chose on the vulnerable server.
The user-supplied code would run in the context of the account running the Oracle server. On Unix systems, this is usually the "Oracle" user and on Windows machines it is the local System account. Exploiting this vulnerability on a Windows machine would compromise both the data in the database and the operating system itself, according to the bulletin published by Next Generation Security Software Ltd.
The vulnerability affects Oracle 9i Release 1 and 2; all releases of 8i; all releases of 8; and 7.3.x. Oracle, based in Redwood Shores, Calif., has released a patch for the flaw, available here.
Latest Security News: