Check Point Advisories

Oracle 10g iSQLPLus Service Heap Overflow (CVE-2004-1371)

Check Point Reference: CPAI-2004-171
Date Published: 14 Dec 2009
Severity: Critical
Last Updated: Monday 14 December, 2009
Source:
Industry Reference: CVE-2004-1371
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?

Vulnerability Description

Oracle Application Server ships with an interactive and batch query tool called SQL*Plus. This tool consists of a command line utility, a Windows Graphical User Interface (GUI), and a web-based interface. The web-based interface is called iSQL*Plus; it is a front end to the SQL*Plus utility. The iSQL*Plus tool can be accessed through a browser by a remote unauthenticated user. The Oracle 10g database software suite provides a web-based interface to allow for remote access and querying of the database. A vulnerability exists in the utility's method of user input parsing. An unauthenticated attacker may exploit this issue to create a denial of service condition or execute arbitrary code on a vulnerable system. In a simple attack case, the vulnerable SQL*Plus service will terminate upon receiving the attacker's malicious packet. The service will remain down until manually restarted by an administrator. In a sophisticated attack case, remote code injection and execution may be possible. In this case, the behavior of the target is dependent on the injected code.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click the Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Oracle 10g iSQLPLus Service Heap Overflow protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Oracle Protection Violation
Attack Information: Oracle 10g iSQLPLus service heap overflow
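The two log fields above are what a SOC analyst has to key on when triaging this protection's events. The following is an added example (not Check Point's code and not from the original advisory) that filters exported gateway log lines for exactly this Attack Name / Attack Information pair and counts hits per source address and per action. The "key=value; key=value" line layout, the field names (src, dst, attack, attack_info, action) and the action values are assumptions; the sample lines are constructed, and the real Security Gateway export format may differ.

```python
"""Triage Security Gateway IPS events for the iSQL*Plus heap overflow protection.

Added example: the log layout and field names below are assumptions, not
Check Point's documented export format. Sample lines are constructed.
"""
from collections import Counter

# Values exactly as the advisory says they appear in the protection's log.
ATTACK_NAME = "Oracle Protection Violation"
ATTACK_INFO = "Oracle 10g iSQLPLus service heap overflow"

# Constructed sample log lines (assumed "key=value; key=value" layout).
# 192.0.2.x and 203.0.113.x are documentation ranges, not real hosts.
SAMPLE_LOGS = [
    "time=2009-12-14T10:01:02; src=192.0.2.10; dst=198.51.100.5; "
    "attack=Oracle Protection Violation; "
    "attack_info=Oracle 10g iSQLPLus service heap overflow; action=Drop",
    "time=2009-12-14T10:01:05; src=192.0.2.10; dst=198.51.100.5; "
    "attack=Oracle Protection Violation; "
    "attack_info=Oracle 10g iSQLPLus service heap overflow; action=Drop",
    "time=2009-12-14T10:02:30; src=203.0.113.7; dst=198.51.100.5; "
    "attack=Oracle Protection Violation; "
    "attack_info=Oracle 10g iSQLPLus service heap overflow; action=Detect",
    # Same Attack Name but a different Oracle protection: must not match.
    "time=2009-12-14T10:03:00; src=203.0.113.9; dst=198.51.100.5; "
    "attack=Oracle Protection Violation; "
    "attack_info=Some other Oracle protection; action=Drop",
    # Unrelated protection: must not match.
    "time=2009-12-14T10:04:00; src=192.0.2.11; dst=198.51.100.5; "
    "attack=SSH Protection Violation; attack_info=unrelated; action=Drop",
]


def parse_line(line):
    """Split one 'k=v; k=v' log line into a dict; malformed parts are skipped."""
    fields = {}
    for part in line.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        fields[key.strip()] = value.strip()
    return fields


def is_isqlplus_event(fields):
    """True only when both advisory fields match (case-insensitive on the info)."""
    return (
        fields.get("attack") == ATTACK_NAME
        and fields.get("attack_info", "").lower() == ATTACK_INFO.lower()
    )


def summarize(lines):
    """Return {(src, action): count} for events matching this protection."""
    counts = Counter()
    for line in lines:
        fields = parse_line(line)
        if is_isqlplus_event(fields):
            counts[(fields.get("src"), fields.get("action"))] += 1
    return dict(counts)


if __name__ == "__main__":
    for (src, action), n in sorted(summarize(SAMPLE_LOGS).items()):
        print(f"{src:15} {action:7} {n}")
```

Splitting the count by action is deliberate: a matching event whose action is not a drop means the gateway saw the traffic but did not block it, which is the first thing to verify against the protection's configured mode after the policy install in step 2 above (the action value names are an assumption of this example).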
