Name: Oracle.XDB.PITRIG.PKG.Insecure.Procedures
Released Date: Feb 28 2008
Severity: critical
CVE: 2008-0339
Bugtraq: 27229



In-Depth Analysis

Description
This indicates an attempt to exploit a buffer overflow or SQL injection vulnerability in Oracle Database.

The vulnerability is caused by an input validation error in the procedures "xDb.XDB_PITRIG_PKG.PITRIG_TRUNCATE" and "xDb.XDB_PITRIG_PKG.PITRIG_DROP". It allows remote attackers to execute arbitrary code or inject SQL statements via the first parameter of these two procedures.
 
Impact
System Compromise: remote attackers can gain control of vulnerable systems.
 
Affected Products
Oracle Database 9.2.0.8
Oracle Database 9.2.0.8DV
Oracle Database 10.1.0.5
Oracle Database 10.2.0.3
Aliases
Oracle.XDB.PITRIG.PKG.Insecure.Procedures
Oracle.XDB.XDB.PITRIG.PKG.Insecure.Procedures
References
http://www.securityfocus.com/bid/27229
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0339
http://secunia.com/advisories/28518/?show_all_related=1
Recommended Actions
Refer to the vendor's web site for the suggested workaround:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html

 
 