Oracle 9i Release 2 XDB HTTP Pass Overflow

Added: 02/25/2009
CVE: CVE-2003-0727
BID: 8375
OSVDB: 2449

Background

Oracle 9i release 2 includes the XDB HTTP service which by default listens on port 8080.

Problem

A buffer overflow vulnerability in the parsing of credentials passed to the server allows remote attackers to execute arbitrary commands by sending a long username or password during HTTP Basic authentication.

Resolution

The vulnerability is fixed in Oracle 9i version 9.2.0.4. To download and install the relevant patches follow the guide included in http://www.oracle.com/technology/deploy/security/pdf/2003Alert58.pdf.

References

http://otn.oracle.com/deploy/security/pdf/2003Alert58.pdf
http://www.blackhat.com/presentations/bh-usa-03/bh-us-03-litchfield-paper.pdf
http://www.appsecinc.com/resources/alerts/oracle/2003-0005.html

Limitations

Exploit works against version 9.2.0.1

Platforms

Windows Server 2003 SP2 / Windows Server 2003
Windows Server 2003 SP1
Windows Server 2003 SP0,SP1,SP2 DEP-Disabled
Windows 2000

Back to exploit index