Buffer Overflow Vulnerability in Oracle9i Database and Oracle 8i
CVE-2003-0634

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle8i; Oracle9i
Vendor: CVE Published:; 27 August 2003

Summary

A stack-based buffer overflow exists in the PL/SQL EXTPROC functionality of Oracle9i Database and Oracle 8i. This vulnerability can be exploited by authenticated database users, and potentially arbitrary database users, allowing them to execute arbitrary code by supplying an excessively long library name. This poses a serious risk to data integrity and security, especially in environments where the database is exposed to untrusted users.

References

http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf

x_refsource_CONFIRM

http://marc.info/?l=bugtraq&m=105916455814904&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/8267

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Aug 27, 2003
Vulnerability Reserved
Aug 1, 2003