Oracle is an Enterprise level SQL database, supporting numerous features and options. It is distributed and maintained by Oracle Corporation.
A buffer overflow has been discovered in the handling of $ORACLE_HOME by otrcrep. otrcrep is installed with the Oracle suite as a SUID oracle SGID dba binary. This buffer overflow may be exploited by a local user to overwrite stack variables, including the return address, and execute arbitrary code with the privileges of user oracle and group dba.
/*
* This vulnerability was researched by:
* Juan Manuel Pascual Escriba <pask@plazasite.com>
* cc -o evolut otrcrep.c; ./evolut 300 0
*/