Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2003-0095
Last Modified 10 Sep 2008 12:00:00
Published 03 Mar 2003 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0095

Summary

Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.

Vulnerable Systems

Application

  • Oracle Database Server 8.0.6

  • Oracle Database Server 9.2.1

  • Oracle Database Server 9.2.2

  • Oracle8i 8.1.7

  • Oracle8i 8.1.7.1

  • Oracle9i 9.0

  • Oracle9i 9.0.1

  • Oracle9i 9.0.1.2

  • Oracle9i 9.0.1.3

  • Oracle9i 9.0.2


References

CERT-VN - VU#953746

CERT - CA-2003-05

CONFIRM - http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf

BID - 6849

OSVDB - 6319

XF - oracle-username-bo(11328)

CIAC - N-046

BUGTRAQ - 20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)


Last Updated: 27 May 2016 10:37:47