Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.2
CVE Id: CVE-2004-1774
Last Modified: 06 Feb 2010 12:43:03
Published: 31 Aug 2004 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2004-1774

Summary

Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.

Vulnerable Systems

Application

  • Oracle Application Server 10.1.0.2

  • Oracle10g Enterprise 10.1.0.2

  • Oracle10g Personal 10.1.0.2

  • Oracle10g Standard 10.1.0.2


References

MISC - http://www.securiteam.com/securitynews/5CP010KE0W.html

XF - oracle-mdsysmd2sdocodesize-bo(20078)

BID - 13145

CONFIRM - http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf

MISC - http://www.frsirt.com/exploits/20050413.OracleExploit.sql.php

MISC - http://www.appsecinc.com/resources/alerts/oracle/2004-0001/

FULLDISC - 20040902 [SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server


Last Updated: 27 May 2016 10:39:10