This is a multi-part message in MIME format.
--------------040902010907060901050303
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Title: Oracle Database Buffer overflow vulnerabilities in package
DBMS_SNAP_INTERNAL

Risk Level: Medium

Affected versions:
Oracle Database Server versions 8i, 9i and 10gR1

Remote exploitable: Yes (Authentication to Database Server is needed)

Credits:
This vulnerability was discovered and researched by Esteban Mart=EDnez
Fay=F3 of Application Security Inc.

Details:
Oracle Database Server provides the DBMS_SNAP_INTERNAL package that
contains procedures used internally by Oracle. Some procedures of this
package have the parameters SNAP_OWNER and SNAP_NAME. These parameters
are vulnerable to buffer overflow attacks.

Impact:
Any Oracle database user with EXECUTE privilege on the package
SYS.DBMS_SNAP_INTERNAL can exploit this vulnerability. Exploitation of
this vulnerability allows an attacker to execute arbitrary code. It can
also be exploited to cause DOS (Denial of service) killing the Oracle
server process.

Vendor Status:
Vendor was contacted and a patch was released.

Workaround:
Restrict access to the SYS.DBMS_SNAP_INTERNAL package.

Fix:
Apply Oracle Critical Patch Update April 2007 available at Oracle Metalink.

Links:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html 
http://www.appsecinc.com/resources/alerts/oracle/2007-07.shtml 


- --
Application Security, Inc.
www.appsecinc.com 
AppSecInc is the leading provider of database security solutions for the
enterprise. AppSecInc products proactively secure enterprise
applications at more than 300 organizations around the world by
discovering, assessing, and protecting the database against rapidly
changing security threats. By securing data at its source, we enable
organizations to more confidently extend their business with customers,
partners and suppliers. Our security experts, combined with our strong
support team, deliver up-to-date application safeguards that minimize
risk and eliminate its impact on business.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org 

iD8DBQFGJmGK9EOAcmTuFN0RAm4qAJwMWIuqw1wETWxS7nSFrOyPx/WJWgCgoRQz
q8llBKUahqqkGZvHT6x3CEQ=RbmR
-----END PGP SIGNATURE-----

--------------040902010907060901050303
Content-Type: application/pgp-keys;
 name="0x64EE14DD.asc"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="0x64EE14DD.asc"

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (MingW32)

mQGiBEWAUVwRBACEG29buZQSuLf2SYbTta43vwYucTwd4NA+tpgMNCyYhZPTZLGD
ra+Mg+Sj3Mv6RFQjMflKJkz0P/jnfCOqVyJWTIFdouvWh9fTU4XBikUdtU+3ZLmO
YvLAehJHMZqLUXd+wxcC+T/7qFioBoxVfZkfUfyXu2rdL6MRClGNp7w+twCg3D/f
lD8DT5Tls08gpMwAt3w6L+MD/1Qfn1vkOjo9WtDdKSodJ1Gz6XjRE4epZi2GqN5T
8dnC+4vmg8j8t9eQgkDa+kZ7Ke6MYbh69XthB9Jb3u+gNzhqHqNWZizOQH5IBYOD
orki10llvU4tEOaqWbZ0R//Z7vRmA5hPcczA8KMvHjqQGUbccasVswPiBMJIhXwj
dZqLA/99kpdCcxTKYZeW0o459BciJQULWyr6q7x6E1tjuhOFMeB6B+M4cLI50nkW
4+GXlgGbiQqO4eC9j3pkcmLXeZECLKKB5/sjixoorHBVUICrn0260ZkSbTNv9TyQ
DY1OJDwzOESNbnFiVxkDvLo3lssSlAR3i18rf3QSTepUNnkgALQkVGVhbSBTSEFU
VEVSIDxzaGF0dGVyQGFwcHNlY2luYy5jb20+iGYEExECACYFAkWAUVwCGyMFCQlm
AYAGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRD0Q4ByZO4U3WgWAJ9EjeTQI058
R1H1cG5nG08OijKi0QCfWRk3gCo/VJwDUZZTRu4ZAPAH6Nu5Ag0ERYBRZRAIAODL
A0pnKYiMIcRZLSpXmbSNSn8b7R91COkTjIGH85mR10e5406T37eh/Y3GViEe9WRY
phRf611ELeeiPsd9B6vCJzv5WNkVSk4n7WLfDjMkWWFZezeNDUKL3EsggR/xEWAD
yjvf4KVY6R2mLuk+oROoBGoY5028b6A+UmTiXh+0LdBxWoFHnYSXjfSXVUA+UoVV
uiews20akOgtwTcaVFg4w1eNyI59WtBWIomYpQSzc/LXcBfjGpcb+gqTUieFrBDI
IZVdu2LfaCaiRxse3KpZ89sGQDE6hBMvs8MbveRK71ZWH9fQI8jLg9KYOMtOzgJR
PqwGE7ub7TsF0CQQet8AAwUIANgKq9nxGjkq+2Bto6sBtzeGPm+9bAYaAxVtggeC
XR0/+i1B8L/OUA0m68Z2O0ZazXNQyl/xVBnHdVsg/Enxht3BxkU3/79pYLFuSiut
YAtdeIHVDwr4qqPfccEFUSKRWyclXHrwfPnDIcsaFIVyWMJ9OPQDJPcF5TXFBdY+
nh9bNPSCSpeDsXZqC9C5t3AkAOebCBDtncTxM5cg2kdzqfFo6+eg40RT95A+VHfj
GpRJPodT1RpvqqUQUnfl74jPm4VMymlSpHD7CUdhrbxDCCTpU3/U3lCyK78zuHGy
ENhPsKGtbb0Q22RsD1agTnm3Ou6ffPQl8W2H0RJnbA//JeGITwQYEQIADwUCRYBR
ZQIbDAUJCWYBgAAKCRD0Q4ByZO4U3XApAKCfBsYVhoZlRdqpPr6aIAyj4niJUgCg
mbaBonhsctYLDlaAchDUXapQE8k=sBRf
-----END PGP PUBLIC KEY BLOCK-----


--------------040902010907060901050303--