Rule:--Sid:2625--Summary:This event is generated when an attempt is made to exploit a knownvulnerability in a Oracle database implementation.--Impact:Serious. Execution of arbitrary code may be possible. A Denial ofService (DoS) condition may also be caused.--Detailed Information:Oracle databases may use a built-in procedure to assist in databasereplication. The "unregister_user_repgroup" procedure contains aprogramming error that may allow an attacker to execute a bufferoverflow attack.This overflow is triggered by a long string in a parameter for theprocedure.If you are running Oracle on a Windows server, make sure that thevariable $ORACLE_PORTS is set to a value of "any".--Affected Systems:        Oracle 9i--Attack Scenarios:An attacker can supply a long string to the "privilege_type" variableto cause the overflow. The result could permit the attacker to gainescalated privileges and run code of their choosing. This attackrequires an attacker to logon to the database with a valid usernameand password combination.--Ease of Attack:Simple.--False Positives:None known. --False Negatives:None known.--Corrective Action:Ensure the system is using an up to date version of the software and hashad all vendor supplied patches applied.--Contributors:Sourcefire Vulnerability Research TeamMatt Watchinski <mwatchinski@sourcefire.com>Brian Caswell <bmc@sourcefire.com>Nigel Houghton <nigel.houghton@sourcefire.com>Judy Novak <judy.novak@sourcefire.com>--Additional References:Other:http://www.appsecinc.com/Policy/PolicyCheck94.html--