Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection Against Oracle 9i XDB FTP UNLOCK command Vulnerability

Subscribe

Check Point Reference: CPAI-2006-008
Date Published:
Severity:
Last Updated:
Source: Oracle Security Alert 58
Industry Reference(s): CVE-2003-0727
Protection Provided by: VPN-1
  • NGX R60
InterSpect
  • NGX
Who is Vulnerable?
Oracle 9i FTP XDB service
Vulnerability Description
A vulnerability in the authorization code of the Oracle 9i FTP XDB service could allow remote code execution. By passing an overly long username or password to the UNLOCK command, an attacker can execute code on the target system.
Vulnerability Details
The vulnerability exists in the XML Database (XDB) functionality of the Oracle9i Database Release 2. By supplying passing an overly long username or password to the UNLOCK command,  a stack based buffer overflow occurs.

Protection Overview
The Update protects against the vulnerability by blocking the malicious FTP command.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
Additional protections included with the update:

  • Microsoft Windows Embedded Opentype Fonts (EOT) (CPAI-2006-010)
  • PHP ADOdb Test Scripts and PHP shell/web defacement tool (CPAI-2006-011)
  • HP OpenView Remote Command Execution (CPAI-2006-012)
  • Oracle XDB HTTP Buffer Overflow (CPAI-2006-013)
  • Apache Format String1 and string2 (CPAI-2006-014)

VPN-1 NGX R60

How Can I Protect My Network?
Users of VPN-1 NGX R60 should update their SmartDefense by clicking Online Update in the SmartDashboard General window.

To enable the protection:

1. In the SmartDefense tree, click Application Intelligence > FTP > Oracle XDB Overflow.



2. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Enforcement Violation
Attack Information: UNLOCK command blocked

InterSpect NGX

How Can I Protect My Network?
Users of InterSpect NGX should update their systems: In the left pane from the drop-down list, select Profiles > SmartDefense Service and click the Online Update button.

To enable the protection:

1. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.   



2. In the SmartDefense tree, click Application Intelligence > FTP > Oracle XDB Overflow.
3. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP enforcement Violation
Attack Information: FTP UNLOCK command blocked