[32015] in bugtraq
PeopleSoft and Data Upload
daemon@ATHENA.MIT.EDU (info@i-assure.com)
Wed Oct 8 13:19:56 2003
Date: 7 Oct 2003 21:01:08 -0000
Message-ID: <20031007210108.17037.qmail@sf-www2-symnsj.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: <info@i-assure.com>
To: bugtraq@securityfocus.com
Vendor: PeopleSoft
Solution ID: 200749181
Product: People Tools
Version: 8.42, Others?
Platform: Solaris 8, BEA WebLogic, Others?
Remote/Local: Remote, Authenticated
Title: Character Field Length
Impact: Possible denial of service.
Description:
LONGCHAR and VARCHAR fields allow potentially large amounts of data to be uploaded. These fields default to the maximum allowed size for their data type established on the database.
Vendor Solution:
The database can be configured to limit the size of these data types, however, this should be tested to assess the impact to the application. Consider also looking at modifying the field definitions within the Application. Restricting size with the field definition would prevent using these LONG fields to upload large amounts of data. Note that making any changes to the delivered application is considered to be a customization beyond the scope of the Global Support Center. Make sure and take a backup of the data before making such changes.
Vendor Trail:
3 June 03 PeopleSoft contacted
3 June 03 PeopleSoft confirms
24 June 03 PeopleSoft teleconference
19 July 03 PeopleSoft posts to Customer Connection
Contributers:
Barrett McGuire
Larry Wargo
Matt Fotter
