Buffer Overflow in Oracle Database Server - 19 Feb 2003

Reported February 17, 2003, by NGSSoftware.

 

 

VERSIONS AFFECTED

 

  • Oracle9i Database Releases 1 and 2

  • Oracle 8i Database 8i, 8.1.7, 8.0.6

 

DESCRIPTION

 

A vulnerability in Oracle’s Database Server can result in remote compromise of the vulnerable server. This vulnerability stems from a remotely exploitable buffer-overflow vulnerability in the TZ_OFFSET function. By supplying a long character string for the time-zone name, an attacker can overwrite a saved return address on the stack of Oracle process. For more details about this vulnerability, see the discoverer’s web site.

 

 

VENDOR RESPONSE

 

Oracle has released an alert regarding this vulnerability.

 

CREDIT          

Discovered by NGSSoftware.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish