Update Protection against Oracle Database SYS.OLAPIMPL_T Package ODCITABLESTART Buffer Overflow Vulnerability
| Check Point Reference: | CPAI-2009-022 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA33525 | |
| Industry Reference(s): | CVE-2008-3974 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Oracle Database 9.0.2.8 Oracle Database 9i Release 2, versions 9.2.0.8 | ||
| Vulnerability Description A buffer overflow vulnerability has been reported in the Oracle Database Server SYS.OLAPIMPL_T package. Oracle Database Server is an enterprise-level relational database application suite. A remote attacker may exploit this issue to execute arbitrary code on an affected system. |
||
|
Update/Patch Available Apply patches: Oracle Critical Patch Update Advisory |
|
|
Vulnerability Details The vulnerability is due to an error in the Oracle Database Server that fails to properly validate user supplied parameters sent to a procedure in the SYS.OLAPIMPL_T package. A remote attacker can exploit this issue by sending a specially crafted SQL statement to a target server. Successful exploitation of this vulnerability may allow the attacker to execute arbitrary code on the affected system and may cause database corruption. |
Protection Overview
By enabling this protection, SmartDefense will detect and block the vulnerable Oracle Database function in SYS.OLAPIMPL_T package over TNS, SMB or iSQL Plus traffic.
In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.