4677.txt

This is the snapshot of Snot Latest Rules

Rule: 

--
Sid: 
4677

-- 
Summary: 
This event is generated when an attempt is made to exploit a known vulnerability in an Oracle database server.

-- 
Impact: 
Serious. Possible execution of arbitrary code and Denial of Service.

--
Detailed Information:
This event is generated when an attempt is made to exploit a known vulnerability in an Oracle database implementation. Multiple buffer overflow conditions are present in numerous packages and procedures.

Exploitation of these vulnerable procedures may allow an attacker to execute code of their choosing as the user running the database. In the case of databases running on Microsoft Windows platforms, this is the Local System account which may mean a compromise of the operating system as well as the database.

This event indicates that an attempt has been made to exploit a vulnerability in the Oracle Enterprise Manager Application Server Control. This application does not properly check the length of user supplied data in parameters sent to the listening service. The data is stored in 1024 byte buffers, an attacker who is able to supply parameters longer than this can overflow the fixed length buffer and execute code of their choosing on an affected server.

--
Affected Systems:
Oracle Oracle10g

--
Attack Scenarios: 
If an attacker can supply enough data to the procedure in question, it may be possible to cause the overflow condition to occur and present the attacker with the opportunity to execute code of their choosing.

-- 
Ease of Attack: 
Simple.

-- 
False Positives:
None Known

--
False Negatives:
None Known

-- 
Corrective Action: 
Apply the appropriate vendor supplied patch

--
Contributors: 
Sourcefire Vulnerability Research Team
Alex Kirk <alex.kirk@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

-- 
Additional References:

--