3466.txt

来自「snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具」· 文本 代码 · 共 68 行

Rule: 

--
Sid: 
3466

-- 
Summary: 
This event is generated when an attempt is made to exploit a known
vulnerability in an Oracle database server.

-- 
Impact: 
Serious. Possible execution of arbitrary code and Denial of Service.

--
Detailed Information:
This event is generated when an attempt is made to exploit a known
vulnerability in an Oracle database implementation. Multiple buffer
overflow conditions are present in numerous packages and procedures.

Specifically an attempt has been made to cause a buffer overflow in the
HTTP Basic Authorization mechanism for Oracle Web Services.

Exploitation of these vulnerable procedures may allow an attacker to
execute code of their choosing as the user running the database. In the
case of databases running on Microsoft Windows platforms, this is the
Local System account which may mean a compromise of the operating system
as well as the database.

--
Affected Systems:
	Oracle Oracle9i

--
Attack Scenarios: 
If an attacker can supply enough data to the Basic Authorization
parameters, it may be possible to cause the overflow condition to occur
and present the attacker with the opportunity to execute code of their choosing.

-- 
Ease of Attack: 
Simple.

-- 
False Positives:
None Known

--
False Negatives:
None Known

-- 
Corrective Action: 
Apply the appropriate vendor supplied patch

--
Contributors: 
Sourcefire Research Team
Matt Watchinski <matt.watchinski@sourcefire.com>
Alex Kirk <akirk@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

-- 
Additional References:

--