Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL
Correction to security advisories published by TeamSHATTER.
Unfortunatelly our advisories published last week had a few minor typos
regarding the versions affected. Please find corrections to the following
advisories:
- Oracle Database Buffer overflow vulnerabilities in procedure
DBMS_LOGMNR.ADD_LOGFILE (CPU DB04)
Affected Versions: 9i
http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml
- Oracle Database Buffer overflow vulnerability in procedure
DBMS_LOGREP_UTIL.GET_OBJECT_NAME (CPU DB08)
Affected Versions: 9iR2 and 10gR1
http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml
- Oracle Database Buffer overflow vulnerabilities in procedure
DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT (CPU DB07)
Affected Versions: 9i and 10gR1
http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml
- Oracle Database Buffer overflow vulnerabilities in procedures of package
DBMS_CAPTURE_ADM_INTERNAL (CPU DB09)
Affected Versions: 9iR2 and 10gR1
http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml
The impact of all these vulnerabilities is as described in our advisories.
Our thanks to Steven Christey of Mitre for bringing this to our attention.
TeamSHATTER