Oracle Database Server Buffer Overflow Vulnerability

(CVE-2009-1979)
A buffer overflow vulnerability exists in the Oracle Database server. A remote attacker may exploit this vulnerability to execute arbitrary code on a vulnerable system.

The Oracle Database server is an enterprise-level relational database application suite. The vulnerability is due to an error in the Oracle Database server that fails to sufficiently validate the length field of the AUTH_SESSKEY parameter. A remote attacker can exploit this issue by sending malicious packets to the target server. Successful exploitation of this vulnerability can allow the attacker to execute arbitrary code remotely.

Unlike most Oracle database vulnerabilities, exploiting this vulnerability does not require authentication or special user privileges. Successful exploitation can lead to code execution on the database server, granting the attacker full read-write access to all of the database assets.

Although Oracle provided a patch for this vulnerability in its Quarterly Patch Wednesday (October 21), Check Point considers the risk level associated with this vulnerability to still be very high, since companies often avoid applying these patches. The discoverer has published the technical details of the vulnerability along with a complete proof of concept, increasing the risk of a successful exploit. At the time of this writing, no other major IPS vendor has issued a protection for this vulnerability.

Check Point, through its worldwide threat response team, provides immediate protection against exploits using this vulnerability through its integrated IPS offerings, IPS Software Blade and SmartDefense. This protection will detect and block Oracle traffic with overly long AUTH_SESSKEY parameters. See CPAI-2009-274.
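
The length check described above can be sketched for captured login payloads. This is an added example, not Check Point's signature or code from the advisory. It assumes the AUTH_SESSKEY value appears as an ASCII hex string shortly after the parameter name; the 96-character limit, the 8-byte skip window and the sample payloads are constructed assumptions.

```python
import re

PARAM = b"AUTH_SESSKEY"
MAX_HEX_LEN = 96   # assumption: longest legitimate value, in hex characters
SKIP_WINDOW = 8    # assumption: framing bytes allowed between name and value
HEX_RUN = re.compile(rb"[0-9A-Fa-f]+")


def sesskey_lengths(payload: bytes) -> list:
    """Length of the hex run that follows each AUTH_SESSKEY occurrence."""
    lengths = []
    pos = payload.find(PARAM)
    while pos != -1:
        start = pos + len(PARAM)
        best = 0
        # The value may be preceded by a few framing bytes, so take the
        # longest hex run that begins inside the skip window.
        for off in range(start, min(start + SKIP_WINDOW, len(payload)) + 1):
            m = HEX_RUN.match(payload, off)
            if m:
                best = max(best, len(m.group()))
        lengths.append(best)
        pos = payload.find(PARAM, start)
    return lengths


def verdict(payload: bytes) -> str:
    """Return 'block' when any AUTH_SESSKEY value exceeds the limit."""
    if any(n > MAX_HEX_LEN for n in sesskey_lengths(payload)):
        return "block"
    return "allow"


# Constructed samples: the framing bytes are placeholders, not real TNS encoding.
NORMAL = b"\x00\x0c" + PARAM + b"\x60\x00\x00\x00\x60" + b"A1" * 48 + b"\x00"
OVERSIZED = b"\x00\x0c" + PARAM + b"\x00\x00\x00\x00" + b"41" * 400 + b"\x00"

if __name__ == "__main__":
    for name, sample in (("normal", NORMAL), ("oversized", OVERSIZED)):
        print(name, sesskey_lengths(sample), verdict(sample))
```

A payload that never names the parameter yields an empty list and is allowed, so the check only fires on login traffic that carries the field.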