Attack: Oracle XDB FTP BO 2

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a buffer overflow vulnerability in Oracle 9i.

Additional Information

Oracle has reported that the XML Database functionality (XDB) in Oracle 9i Release 2 is vulnerable to a remotely exploitable buffer overflow condition. The flaw can be exploited through the HTTP or FTP services, which are enabled by default. If the services are disabled, the vulnerabilities may still be exploited if the attacker has valid database credentials. This vulnerability can be exploited to cause a denial-of-service or compromise the database server.

Oracle has stated that Oracle 9i Release 1 and prior are not affected. The Oracle advisory that prompted this alert is likely related to the vulnerabilities described in BID 8375.

Affected

  • Oracle Oracle9i Enterprise Edition 9.2.0.1
  • Oracle Oracle9i Personal Edition 9.2.0.1
  • Oracle Oracle9i Standard Edition 9.2.0.1

Response

Workaround:

Oracle has advised administrators to disable the HTTP/FTP services that are enabled by default. To do this, perform the following steps:

1. Open the Oracle 9i Database Server configuration file "INIT.ORA"
2. On the "dispatchers" parameter line, remove the string:

"(SERVICE=sid-nameXDB)"

Where sid-name is the SID of the database.

3. Restart the database

Note: This workaround will only disable the HTTP and FTP services. The vulnerability will still be present and potentially exploitable if the attacker has database credentials.
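To confirm the workaround was applied, the following added example (not part of the Oracle or Symantec advisory) scans the text of an INIT.ORA file for live "dispatchers" entries that still carry an XDB service and shows each line as it would read after the string is removed. The SID "orcl", the sample file contents and the function names are assumptions made for illustration.

```python
import re

# Constructed sample INIT.ORA for a hypothetical SID "orcl" (not from the advisory).
SAMPLE_INIT_ORA = r"""# constructed sample
db_name = orcl
*.dispatchers="(PROTOCOL=TCP) \
  (SERVICE=orclXDB)"
# dispatchers="(PROTOCOL=TCP) (SERVICE=oldXDB)"
Dispatchers = '(PROTOCOL=TCP)(DISPATCHERS=2)'
"""

# Parameter names are case-insensitive and may carry an instance prefix ("*." or "sid.").
PARAM = re.compile(r"^\s*(?:[\w*]+\.)?dispatchers\s*=", re.IGNORECASE)
# The string the workaround removes, (SERVICE=<sid-name>XDB), plus whitespace before it.
XDB = re.compile(r"\s*\(\s*SERVICE\s*=\s*(\w*XDB)\s*\)", re.IGNORECASE)


def logical_lines(text):
    """Yield (first_line_no, joined_text); a trailing backslash continues a line."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1]
            continue
        yield start, buf + raw
        buf, start = "", 0
    if buf:
        yield start, buf


def audit_dispatchers(text):
    """Return [(line_no, [XDB services], line with them removed)] for live entries."""
    findings = []
    for no, line in logical_lines(text):
        # Commented-out entries have no effect, so they are not reported.
        if line.lstrip().startswith("#") or not PARAM.match(line):
            continue
        services = XDB.findall(line)
        if services:
            findings.append((no, services, XDB.sub("", line)))
    return findings


if __name__ == "__main__":
    for no, services, fixed in audit_dispatchers(SAMPLE_INIT_ORA):
        print(f"line {no}: XDB service still configured: {', '.join(services)}")
        print(f"  after workaround: {fixed}")
```

An empty result means no active "dispatchers" line in the file references an XDB service; it says nothing about whether patch set 9.2.0.4 has been applied.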

The fix is included in patch set 9.2.0.4, which can be applied only to version 9.2.0.3. See the Oracle advisory in the reference section for more information.