Short Name | DB:ORACLE:SYS:LPXFSMSAX-NAME-BO |
---|---|
Severity | Major |
Recommended | No |
Recommended Action | Drop |
Category | DB |
Keywords | Oracle Database Server LpxFSMSax QName Stack Buffer Overflow |
Release Date | 2014/07/31 |
Update Number | 2404 |
Supported Platforms | idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

A stack buffer overflow vulnerability has been reported in Oracle Database Server. The vulnerability is due to insufficient validation of the XML element tag name when a malicious QNAME in a PL/SQL query is encountered. A remote authenticated attacker could exploit this vulnerability by sending a malicious SELECT query to the server. Successful exploitation can allow an attacker to execute arbitrary code on the target system.

Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.