Intrusion Prevention

Oracle.XDB.PITRIG.PKG.Insecure.Procedures

Description

This indicates an attempt to exploit a buffer overflow or SQL injection vulnerability in Oracle Database.
The vulnerability is caused by an input validation error in the procedures "xDb.XDB_PITRIG_PKG.PITRIG_TRUNCATE" and "xDb.XDB_PITRIG_PKG.PITRIG_DROP". It allows remote attackers to execute arbitrary code or inject SQL statements via the first parameter of these two procedures.

Affected Products

Oracle Database 9.2.0.8
Oracle Database 9.2.0.8DV
Oracle Database 10.1.0.5
Oracle Database 10.2.0.3

Impact

System Compromise: remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's website for the suggested workaround:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html

CVE References

CVE-2008-0339