[Snort-sigs] rule documentation for WEB-CGI Oracle reports CGI access

Josh.Sakofsky at ...1573...
Wed Jun 11 11:49:04 EDT 2003


Rule: WEB-CGI Oracle reports CGI access

--
Sid: 1805

--
Summary: A remote user has tried to exploit a flaw on a server running 
Oracle Reports.

--
Impact: Serious

--
Detailed Information: A stack overflow exists in the Oracle Reports 
"rwcgi60" program. If a user supplies a long string as a value for
the method "setauth", it can overflow the stack and may allow the user to 
run code on the server. This code would be executed with
the permissions of the web server.

--
Affected Systems: Oracle's Oracle Reports6i 6.0.8 and Oracle9i Application 
Server Reports 9.0.2

--
Attack Scenarios: An attacker can overflow the stack using a URL and cause 
the machine to execute shellcode.

--
Ease of Attack: Medium

--
False Positives: None Known

--
False Negatives: None Known

--
Corrective Action: Upgrade with the Oracle-supplied patch.

--
Contributors: Original rule writer unknown.
              Josh Sakofsky
-- 
Additional References: http://www.securityfocus.com/bid/4848
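
A log-triage sketch for the condition under Detailed Information, added here as an example and not part of the original post or of the Snort rule: it separates plain rwcgi60 access from requests that carry an oversized setauth value. The query-parameter form of setauth, the 256-character threshold and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed triage threshold; the rule documentation states no length.
MAX_SETAUTH_LEN = 256

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')

def classify(line):
    """Return None, 'access' or 'long-setauth' for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("uri"))
    if "rwcgi60" not in parts.path.lower():
        return None
    # parse_qsl percent-decodes, so the length checked is the decoded one.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == "setauth" and len(value) > MAX_SETAUTH_LEN:
            return "long-setauth"
    return "access"

def scan(lines):
    """Return (line_number, verdict) for every line that touches rwcgi60."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict))
    return hits

# Constructed sample log lines (documentation address ranges, filler values).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Jun/2003:11:40:01 -0400] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.10 - - [11/Jun/2003:11:40:07 -0400] '
    '"GET /cgi-bin/rwcgi60?setauth=report1 HTTP/1.0" 200 512',
    '198.51.100.7 - - [11/Jun/2003:11:41:12 -0400] '
    '"GET /cgi-bin/rwcgi60?setauth=' + "x" * 2000 + ' HTTP/1.0" 500 0',
    '198.51.100.7 - - [11/Jun/2003:11:41:30 -0400] '
    '"GET /cgi-bin/RWCGI60?SetAuth=' + "%78" * 300 + ' HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict}")
```

Lines classified as `access` are worth reviewing against the patch status of the server; `long-setauth` lines are the ones to escalate.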