Intrusion Prevention

Oracle.Database.PITRIG_DROPMETADATA.Procedure.Buffer.Overflow

Description

This indicates a buffer overflow vulnerability in Oracle 10g R2.
The vulnerability is caused by failure to check the parameters passed to the XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure. It allows remote attackers to execute arbitrary code by calling this precedure with long arguments.

Affected Products

Oracle Oracle10g Standard Edition 10.2.3
Oracle Oracle10g Standard Edition 10.2.2
Oracle Oracle10g Standard Edition 10.2.1
Oracle Oracle10g Personal Edition 10.2.3
Oracle Oracle10g Personal Edition 10.2.2
Oracle Oracle10g Personal Edition 10.2.1
Oracle Oracle10g Enterprise Edition 10.2.3
Oracle Oracle10g Enterprise Edition 10.2.2
Oracle Oracle10g Enterprise Edition 10.2.1

Impact

System compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are not aware of any official fix for this issue.

CVE References

CVE-2007-4517