Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 DB:ORACLE:SYS:PBSDE-INIT-OF

Severity

 Critical

Recommended

 No

Recommended Action

 Drop

Category

 DB

Keywords

 Oracle sys.pbsde.init Procedure Buffer Overflow

Release Date

 2005/12/19

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

DB: Oracle sys.pbsde.init Procedure Buffer Overflow


This signature detects attempts to exploit a known vulnerability against Oracle database servers. An over-long parameter sent to the sys.pbsde.init procedure, can allow code to be injected into the server's memory. The injected code is executed with the privileges of the user "System" on windows based platforms and the user "Oracle" on Unix based platforms. An unsuccessful attack can terminate the application and create a denial-of-service condition of the database server.

Extended Description

Various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, and Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne are affected by multiple vulnerabilities. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Oracle has released a Critical Patch Update advisory for October 2005 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well. Specific details regarding these vulnerabilities are not currently available. This record will be updated and split into individual BIDs for each issue as further information is disclosed.

Affected Products

  • Hp hp-ux 11.11.0
  • Hp hp-ux 11.23.0
  • Hp hp-ux B.11.11
  • Hp hp-ux B.11.23
  • Oracle application_server 10.1.2.0.2
  • Oracle application_server_10g 9.0.4
  • Oracle application_server_10g 9.0.4 .1
  • Oracle application_server_10g 9.0.4 .2
  • Oracle application_server_release_2 10.1.2 .0.0
  • Oracle application_server_release_2 10.1.2 .0.1
  • Oracle application_server_release_2 10.1.2 .0.2
  • Oracle application_server_release_2 9.0.2 .1
  • Oracle application_server_release_2 9.0.2 .3
  • Oracle clinical 4.5.0
  • Oracle clinical 4.5.1
  • Oracle collaboration_suite_release_1 10.1.1
  • Oracle collaboration_suite_release_1
  • Oracle collaboration_suite_release_2 9.0.4 .2
  • Oracle developer_suite 10.1.2
  • Oracle developer_suite 9.0.2 .1
  • Oracle developer_suite 9.0.4 .1
  • Oracle developer_suite 9.0.4 .2
  • Oracle e-business_suite 11.0.0
  • Oracle e-business_suite_11i 11.5.0
  • Oracle e-business_suite_11i 11.5.1
  • Oracle e-business_suite_11i 11.5.10
  • Oracle e-business_suite_11i 11.5.2
  • Oracle e-business_suite_11i 11.5.3
  • Oracle e-business_suite_11i 11.5.4
  • Oracle e-business_suite_11i 11.5.5
  • Oracle e-business_suite_11i 11.5.6
  • Oracle e-business_suite_11i 11.5.7
  • Oracle e-business_suite_11i 11.5.8
  • Oracle e-business_suite_11i 11.5.9
  • Oracle enterprise_manager 9.0.4 .1
  • Oracle enterprise_manager_application_server_control 9.0.4 .1
  • Oracle enterprise_manager_application_server_control 9.0.4 .2
  • Oracle enterprise_manager_database_control_10g 10.1.0 .0.3
  • Oracle enterprise_manager_database_control_10g 10.1.0 .0.4
  • Oracle enterprise_manager_grid_control_10g 10.1.0 .3
  • Oracle enterprise_manager_grid_control_10g 10.1.0 .4
  • Oracle jd_edwards_enterpriseone 8.94.0 Q1
  • Oracle jd_edwards_enterpriseone 8.95.0 B1
  • Oracle jd_edwards_enterpriseone SP23 K1
  • Oracle oracle10g_application_server 10.1.0 .0.2
  • Oracle oracle10g_application_server 10.1.0 .0.3
  • Oracle oracle10g_application_server 10.1.0 .0.3.1
  • Oracle oracle10g_application_server 10.1.0 .0.4
  • Oracle oracle10g_application_server 10.1.2
  • Oracle oracle10g_enterprise_edition 10.1.0 .0.2
  • Oracle oracle10g_enterprise_edition 10.1.0 .0.3
  • Oracle oracle10g_enterprise_edition 10.1.0 .0.3.1
  • Oracle oracle10g_enterprise_edition 10.1.0 .0.4
  • Oracle oracle10g_enterprise_edition 10.1.0.4.2
  • Oracle oracle10g_personal_edition 10.1.0 .0.2
  • Oracle oracle10g_personal_edition 10.1.0 .0.3
  • Oracle oracle10g_personal_edition 10.1.0 .0.3.1
  • Oracle oracle10g_personal_edition 10.1.0 .0.4
  • Oracle oracle10g_standard_edition 10.1.0 .0.2
  • Oracle oracle10g_standard_edition 10.1.0 .0.3
  • Oracle oracle10g_standard_edition 10.1.0 .0.3.1
  • Oracle oracle10g_standard_edition 10.1.0 .0.4
  • Oracle oracle10g_standard_edition 10.1.0 .4.2
  • Oracle oracle8 8.0.6
  • Oracle oracle8 8.0.6 .3
  • Oracle oracle8 8.1.7 .4
  • Oracle oracle8i_enterprise_edition 8.1.7.4.0
  • Oracle oracle8i_standard_edition 8.0.6
  • Oracle oracle8i_standard_edition 8.0.6 .3
  • Oracle oracle8i_standard_edition 8.1.7 .4
  • Oracle oracle9i_application_server 9.0.2 .3
  • Oracle oracle9i_application_server 9.0.3 .1
  • Oracle oracle9i_application_server 9.2.0 .0.6
  • Oracle oracle9i_application_server 9.2.0 .0.7
  • Oracle oracle_9i_application_server_release_1 1.0.2 .2
  • Oracle oracle9i_application_server_web_cache 9.0.2 .3
  • Oracle oracle9i_application_server_web_cache 9.0.3 .1
  • Oracle oracle9i_enterprise_edition 9.0.1 .4
  • Oracle oracle9i_enterprise_edition 9.0.1 .5
  • Oracle oracle9i_enterprise_edition 9.0.1 .5 FIPS
  • Oracle oracle9i_enterprise_edition 9.2.0 .0.5
  • Oracle oracle9i_enterprise_edition 9.2.0.6.0
  • Oracle oracle9i_enterprise_edition 9.2.0.7.0
  • Oracle oracle9i_personal_edition 9.0.1 .4
  • Oracle oracle9i_personal_edition 9.0.1 .5
  • Oracle oracle9i_personal_edition 9.0.1 .5 FIPS
  • Oracle oracle9i_personal_edition 9.2.0 .0.5
  • Oracle oracle9i_personal_edition 9.2.0 .6
  • Oracle oracle9i_personal_edition 9.2.0 .7
  • Oracle oracle9i_standard_edition 9.0.1 .4
  • Oracle oracle9i_standard_edition 9.0.1 .5
  • Oracle oracle9i_standard_edition 9.0.1 .5 FIPS
  • Oracle oracle9i_standard_edition 9.2.0 .0.5
  • Oracle oracle9i_standard_edition 9.2.0 .6
  • Oracle peoplesoft_enterprise_customer_relationship_manage 8.9
  • Oracle workflow 11.5.1
  • Oracle workflow 11.5.9 .5
  • Peoplesoft crm 8.8.1
  • Peoplesoft crm 8.9.0
  • Peoplesoft peopletools 8.10.0
  • Peoplesoft peopletools 8.11.0
  • Peoplesoft peopletools 8.12.0
  • Peoplesoft peopletools 8.13.0
  • Peoplesoft peopletools 8.14.0
  • Peoplesoft peopletools 8.15.0
  • Peoplesoft peopletools 8.16.0
  • Peoplesoft peopletools 8.17.0
  • Peoplesoft peopletools 8.18.0
  • Peoplesoft peopletools 8.19.0
  • Peoplesoft peopletools 8.20.0
  • Peoplesoft peopletools 8.20.7
  • Peoplesoft peopletools 8.40.0
  • Peoplesoft peopletools 8.41.0
  • Peoplesoft peopletools 8.42.0
  • Peoplesoft peopletools 8.43.0
  • Peoplesoft peopletools 8.45.5
  • Peoplesoft peopletools 8.46.3

References

  • BugTraq: 15134
  • CVE: CVE-2005-0873
  • CVE: CVE-2005-3438
  • URL: http://www.red-database-security.com/advisory/details_oracle_cpu_october.html
  • URL: http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out