Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0634

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0634
Last Modified 05 Sep 2008 04:34:50
Published 27 Aug 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0634

Summary

Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name.

Vulnerable Systems

Application

  • Oracle8i Enterprise 8.1.5 .0.0

  • Oracle8i Enterprise 8.1.5 .0.2

  • Oracle8i Enterprise 8.1.5 .1.0

  • Oracle8i Enterprise 8.1.6 .0.0

  • Oracle8i Enterprise 8.1.6 .1.0

  • Oracle8i Enterprise 8.1.7 .0.0

  • Oracle8i Enterprise 8.1.7 .1.0

  • Oracle8i Standard 8.1.5

  • Oracle8i Standard 8.1.6

  • Oracle8i Standard 8.1.7

  • Oracle8i Standard 8.1.7 .0.0

  • Oracle8i Standard 8.1.7 .1

  • Oracle8i Standard 8.1.7 .4

  • Oracle9i Client 9.2.0.1

  • Oracle9i Client 9.2.0.2

  • Oracle9i Enterprise 9.0.1

  • Oracle9i Enterprise 9.2.0.1

  • Oracle9i Enterprise 9.2.0.2

  • Oracle9i Personal 9.0.1

  • Oracle9i Personal 9.2.0.1

  • Oracle9i Personal 9.2.0.2

  • Oracle9i Standard 9.0

  • Oracle9i Standard 9.0.1

  • Oracle9i Standard 9.0.1.2

  • Oracle9i Standard 9.0.1.3

  • Oracle9i Standard 9.0.1.4

  • Oracle9i Standard 9.0.2

  • Oracle9i Standard 9.2.0.1

  • Oracle9i Standard 9.2.0.2


References

CERT-VN - VU#936868

BID - 8267

BUGTRAQ - 20030725 Oracle Extproc Buffer Overflow (#NISR25072003)

XF - oracle-extproc-bo(12721)

CONFIRM - http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf

BUGTRAQ - 20030725 question about oracle advisory

VULNWATCH - 20030912 Update to the Oracle EXTPROC advisory


Last Updated: 27 May 2016 10:37:59