Oracle ODCITABLESTART Buffer Overflow (Feb 6, 2009)
Oracle Database Server is an enterprise-level relational database application suite. Online Analytical Processing (OLAP) is one of the feature extensions available for Oracle Database Server to enhance its functionality. OLAP is fully integrated into the relational database: all data and metadata are stored and managed from within Oracle Database, providing scalability and security.
There is a buffer overflow in the OLAP implementation of the function ODCITABLESTART in module SYS.OLAPIMPL_T. This function is invoked to begin retrieving rows from a table. The vulnerability is due to an insufficient boundary check when processing the DATA_MAP parameter passed to the function. The definition of the function is shown below:
int ODCITableStart(SCTX, CUBE, OBJECT_TYPE, DATA_MAP, LIMIT_MAP, RWS)
By exploiting this vulnerability, an attacker can inject and execute malicious code within the security context of the service process. On Windows platforms, in the default configuration, the affected service runs with System privileges.
SonicWALL has released a signature to detect and block specific exploitation attempts targeting this vulnerability. The IPS signature is listed below:
- 5372 – SYS.OLAPIMPL_T Package ODCITABLESTART BO Attempt
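As an added illustration (not SonicWALL's signature logic and not code from this advisory), the Python below triages logged SQL for calls to the function and measures the DATA_MAP argument, the fourth parameter in the signature above. The 512-character threshold, the helper names and the sample statements are assumptions constructed for this example.

```python
import re

CALL_RE = re.compile(r"OLAPIMPL_T\s*\.\s*ODCITABLESTART\s*\(", re.IGNORECASE)
DATA_MAP_INDEX = 3     # DATA_MAP is the 4th parameter in the signature above
MAX_LITERAL_LEN = 512  # assumed review threshold, not a value from the advisory

def split_args(sql, pos):
    """Split call arguments (pos is just after '(') on top-level commas."""
    args, start, depth, in_str = [], pos, 0, False
    while pos < len(sql):
        ch = sql[pos]
        if ch == "'":
            in_str = not in_str          # '' toggles twice, so it stays inside
        elif not in_str:
            if ch == "(":
                depth += 1
            elif ch == ")" and depth > 0:
                depth -= 1
            elif ch == ")" or (ch == "," and depth == 0):
                args.append(sql[start:pos].strip())
                if ch == ")":
                    return args
                start = pos + 1
        pos += 1
    return None                          # unbalanced: statement was truncated

def inspect(sql):
    """Classify one logged SQL statement as ignore / ok / alert / review."""
    m = CALL_RE.search(sql)
    if not m:
        return "ignore"
    args = split_args(sql, m.end())
    if args is None or len(args) <= DATA_MAP_INDEX:
        return "review"                  # truncated or unexpected call shape
    data_map = args[DATA_MAP_INDEX]
    if not re.fullmatch(r"'(?:[^']|'')*'", data_map):
        return "review"                  # bind variable or expression: size unknown
    length = len(data_map[1:-1].replace("''", "'"))
    return "alert" if length > MAX_LITERAL_LEN else "ok"

# Constructed sample statements (not taken from any real log).
SAMPLES = [
    "SYS.OLAPIMPL_T.ODCITABLESTART(:1, 'CUBE,1', 'T', 'a''b', 'L', :2)",
    "sys.olapimpl_t.odcitablestart(:1, 'C', 'T', '" + "X" * 4000 + "', 'L', :2)",
    "SYS.OLAPIMPL_T.ODCITABLESTART(:1, 'C', 'T', RPAD('X', 4000), 'L', :2)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(inspect(s), s[:60])
```

Statements classified as "review" carry a DATA_MAP whose size cannot be determined from the SQL text alone, so they need the bound values or a manual look.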
Please refer to CVE-2008-3974 for more details about the vulnerability.