
Update Protection against Oracle XDB HTTP Buffer Overflow Vulnerability

Check Point Reference: CPAI-2006-013
Date Published:
Severity:
Last Updated:
Source: Oracle Security Alert 58
Industry Reference(s): CVE-2003-0727
Protection Provided by: VPN-1
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
  • NG with Application Intelligence R54
InterSpect
  • NGX
  • 2.0 and 1.x
Who is Vulnerable?
XML Database (XDB) functionality for Oracle 9i Database Release 2
Vulnerability Description
Oracle 9i XML database suffers from a buffer overflow vulnerability. By passing an overly long username or password, an attacker can execute arbitrary code on the target system.
Vulnerability Details
The Oracle XDB can be accessed via an HTTP-based service on TCP port 8080 or an FTP-based service on TCP port 2100. To access the database, an attacker must authenticate. By authenticating using an overly long username, an attacker can overflow the buffer and execute code on the system.

Protection Overview
The update blocks the vulnerability based on a unique HTTP header pattern.
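
As an added illustration of header-based rejection (not Check Point's pattern, which this page does not disclose, and not code from the advisory), the Python below bounds the username and password lengths carried in an HTTP Authorization header before the request reaches XDB. It assumes the credentials arrive via HTTP Basic authentication; `inspect_authorization`, `basic_header`, `MAX_FIELD` and the 64-byte limit are hypothetical choices, and the sample headers are constructed.

```python
import base64
import binascii

MAX_FIELD = 64  # assumed per-field limit in bytes; set to your longest real credential


def inspect_authorization(header_value, max_field=MAX_FIELD):
    """Return (verdict, reason) for one HTTP Authorization header value."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        return "pass", "not Basic authentication"
    blob = blob.strip()
    # Bound the encoded size first so an oversized blob is never decoded.
    # Largest acceptable payload is user + ':' + password; base64 emits
    # 4 characters for every 3 bytes, rounded up.
    if len(blob) > 4 * ((2 * max_field + 1 + 2) // 3):
        return "reject", "encoded credentials exceed size bound"
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return "reject", "malformed base64"
    # The first ':' separates the fields; later colons belong to the password.
    user, sep, password = raw.partition(b":")
    if not sep:
        return "reject", "missing ':' separator"
    if len(user) > max_field:
        return "reject", "username too long"
    if len(password) > max_field:
        return "reject", "password too long"
    return "pass", "within limits"


def basic_header(user, password):
    """Build a Basic Authorization value (used for the constructed samples)."""
    return "Basic " + base64.b64encode(user + b":" + password).decode("ascii")


if __name__ == "__main__":
    # Constructed sample headers, not captured traffic.
    samples = [
        basic_header(b"appuser", b"s3cret"),
        basic_header(b"u" * (MAX_FIELD + 1), b"x"),
        basic_header(b"appuser", b"p" * (MAX_FIELD + 1)),
        "Basic not*base64",
    ]
    for value in samples:
        print(inspect_authorization(value), value[:40])
```

A check of this kind limits field length only; it complements, and does not replace, the vendor patch referenced in Oracle Security Alert 58.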

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
The update also includes the following protections:

  • Oracle XDB FTP Buffer Overflow (CPAI-2006-008)
  • Microsoft Windows Embedded Opentype Fonts (EOT) (CPAI-2006-010)
  • PHP ADOdb Test Scripts and PHP shell/web defacement tool (CPAI-2006-011)
  • HP OpenView Remote Command Execution (CPAI-2006-012)
  • Apache Format String1 and string2 (CPAI-2006-014)

VPN-1 NGX R60

How Can I Protect My Network?
Users of VPN-1 NGX R60 should update their SmartDefense by clicking Online Update in the SmartDashboard General window.

To enable the protection:

1. In the Web Intelligence tree, click HTTP Protocol Inspection > Header Rejection and enable the Oracle XDB HTTP Buffer Overflow pattern.
2. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView will log the following entries:

Attack Name: Header Rejection
Attack Information: Oracle XDB HTTP Buffer Overflow

InterSpect NGX

How Can I Protect My Network?
Users of InterSpect NGX should update their systems: In the left pane from the drop-down list, select Profiles > SmartDefense Service and click the Online Update button.

To enable the protection:

1. In the left pane, select Profiles > Default Protection and select the Web Intelligence page of the profile.  
2. In the Web Intelligence tree, click HTTP Protocol Inspection > Header Rejection and enable the Oracle XDB HTTP Buffer Overflow pattern.
3. Install policy on all modules. 

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Header Rejection
Attack Information: Oracle XDB HTTP Buffer Overflow

VPN-1 NG with Application Intelligence R55W

How Can I Protect My Network?
Users of VPN-1 NG with Application Intelligence R55W should update their SmartDefense by clicking Online Update in the SmartDashboard General window.

To enable the protection:

1. On the Web Intelligence tree, click HTTP Protocol Inspection > Header Rejection and enable the Oracle XDB HTTP Buffer Overflow pattern.
2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Header Rejection
Attack Information: Oracle XDB HTTP Buffer Overflow

VPN-1 NG with Application Intelligence R55/R54

How Can I Protect My Network?
Users of VPN-1 NG with Application Intelligence R55/R54 should update their SmartDefense by clicking Update Now in the SmartDashboard General window.

To enable the protection:

1. On the SmartDefense tree, click Application Intelligence > Web and enable Peer to Peer.
2. In the Headers Detection table, enable the XDB HTTP Buffer Overflow pattern.
3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Header Rejection
Attack Information: XDB HTTP Buffer Overflow

InterSpect 2.0, 1.x

How Can I Protect My Network?
Users of InterSpect 2.0, 1.x should update their SmartDefense by clicking Online Update in the SmartDashboard General window.

To enable the protection:

1. On the SmartDefense tree, click Application Intelligence > Web > Peer to Peer.
2. In the Headers Detection table, enable the XDB HTTP Buffer Overflow pattern.
3. Install policy on all modules.

How Do I Know if My Network is Under Attack?

SmartView Tracker will log the following entries:

Attack Name: Header Rejection
Attack Information: XDB HTTP Buffer Overflow