Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 9.0
CVE Id: CVE-2003-0222
Last Modified: 05 Sep 2008 12:00:00
Published: 12 May 2003 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2003-0222

Summary

Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.

Vulnerable Systems

Application

  • Oracle Database Server 7.3.3

  • Oracle Database Server 7.3.4

  • Oracle Database Server 8.0.1

  • Oracle Database Server 8.0.2

  • Oracle Database Server 8.0.3

  • Oracle Database Server 8.0.4

  • Oracle Database Server 8.0.5

  • Oracle Database Server 8.0.5.1

  • Oracle Database Server 8.0.6

  • Oracle Database Server 8.1.5

  • Oracle Database Server 8.1.6

  • Oracle Database Server 8.1.7

  • Oracle Database Server 9.2.1

  • Oracle Database Server 9.2.2

  • Oracle8i 8.0.6

  • Oracle8i 8.0.6.3

  • Oracle8i 8.0x

  • Oracle8i 8.1.5

  • Oracle8i 8.1.6

  • Oracle8i 8.1.7

  • Oracle8i 8.1.7.1

  • Oracle8i 8.1.7.4

  • Oracle8i 8.1x

  • Oracle9i 9.0

  • Oracle9i 9.0.1

  • Oracle9i 9.0.1.2

  • Oracle9i 9.0.1.3

  • Oracle9i 9.0.1.4

  • Oracle9i 9.0.2

  • Oracle9i 9.2.0.1

  • Oracle9i 9.2.0.2


References

BID - 7453

CONFIRM - http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf

XF - oracle-database-link-bo(11885)

CIAC - N-085

NTBUGTRAQ - 20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)


Last Updated: 27 May 2016 10:37:49