VULHUB ™

Oracle is an Enterprise level SQL database, supporting numerous features and options. It is distributed and maintained by Oracle Corporation. When the ORACLE_HOME environment variable is filled with 750 bytes or more, a buffer overflow occurs. This overflow may be used to overwrite variables on the stack, including the return address. Since the dbsnmp program is setuid root, it is possible to gain elevated privileges, including administrative access. To exploit this vulnerability, the user must be in the oracle group.

Oracle is an Enterprise level SQL database, supporting numerous features and options. It is distributed and maintained by Oracle Corporation. When the ORACLE_HOME environment variable is filled with 750 bytes or more, a buffer overflow occurs. This overflow may be used to overwrite variables on the stack, including the return address. Since the dbsnmp program is setuid root, it is possible to gain elevated privileges, including administrative access. To exploit this vulnerability, the user must be in the oracle group.