CVE-2002-0857

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle8i; Database Server
Vendor: CVE Published:; 5 September 2002

Summary

Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file.

References

http://otn.oracle.com/deploy/security/pdf/2002alert40rev1...

x_refsource_CONFIRM

http://www.kb.cert.org/vuls/id/301059

third-party-advisoryx_refsource_CERT-VN

http://securitytracker.com/id?1005037

vdb-entryx_refsource_SECTRACK

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 5, 2002
Vulnerability Reserved
Aug 15, 2002