Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL

[shatter@appsecinc.com]

Correction to security advisories published by TeamSHATTER.

Unfortunatelly our advisories published last week had a few minor typos 
regarding the versions affected. Please find corrections to the following 
advisories:

- Oracle Database Buffer overflow vulnerabilities in procedure 
DBMS_LOGMNR.ADD_LOGFILE (CPU DB04)
Affected Versions: 9i
http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml

- Oracle Database Buffer overflow vulnerability in procedure 
DBMS_LOGREP_UTIL.GET_OBJECT_NAME (CPU DB08)
Affected Versions: 9iR2 and 10gR1
http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml

- Oracle Database Buffer overflow vulnerabilities in procedure 
DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT (CPU DB07)
Affected Versions: 9i and 10gR1
http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml

- Oracle Database Buffer overflow vulnerabilities in procedures of package 
DBMS_CAPTURE_ADM_INTERNAL (CPU DB09)
Affected Versions: 9iR2 and 10gR1
http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml


The impact of all these vulnerabilities is as described in our advisories.

Our thanks to Steven Christey of Mitre for bringing this to our attention.


TeamSHATTER