CVE-2003-0095

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle9i; Database Server; Oracle8i
Vendor: CVE Published:; 3 March 2003

Summary

Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.

References

http://www.cert.org/advisories/CA-2003-05.html

third-party-advisoryx_refsource_CERT

http://www.ciac.org/ciac/bulletins/n-046.shtml

third-party-advisorygovernment-resourcex_refsource_CIAC

http://www.securityfocus.com/bid/6849

vdb-entryx_refsource_BID

EPSS Score

43% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 3, 2003
Vulnerability Reserved
Feb 18, 2003