Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0857

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0857
Last Modified 05 Sep 2008 04:29:08
Published 05 Sep 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0857

Summary

Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file.

Vulnerable Systems

Application

  • Oracle Database Server 7.3.4

  • Oracle Database Server 9.0

  • Oracle Database Server 9.2

  • Oracle8i 8.1


References

CERT-VN - VU#301059

CONFIRM - http://otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf

BID - 5460

MISC - http://www.ngssoftware.com/advisories/ora-lsnrfmtstr.txt

SECTRACK - 1005037

BUGTRAQ - 20020814 Oracle Listener Control Format String Vulnerabilities (#NISR14082002)


Last Updated: 27 May 2016 10:37:06