Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1208

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2003-1208
Last Modified 05 Sep 2008 04:36:19
Published 03 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1208

Summary

Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions.

Vulnerable Systems

Application

  • Oracle9i Enterprise 9.0.1

  • Oracle9i Enterprise 9.2.0

  • Oracle9i Enterprise 9.2.0.1

  • Oracle9i Enterprise 9.2.0.2

  • Oracle9i Personal 9.0.1

  • Oracle9i Personal 9.2

  • Oracle9i Personal 9.2.0.1

  • Oracle9i Personal 9.2.0.2

  • Oracle9i Standard 9.0

  • Oracle9i Standard 9.0.1

  • Oracle9i Standard 9.0.1.2

  • Oracle9i Standard 9.0.1.3

  • Oracle9i Standard 9.0.1.4

  • Oracle9i Standard 9.0.2

  • Oracle9i Standard 9.2

  • Oracle9i Standard 9.2.0.1

  • Oracle9i Standard 9.2.0.2


References

CERT-VN - VU#846582

CERT-VN - VU#819126

CERT-VN - VU#399806

CERT-VN - VU#240174

XF - oracle-multiple-function-bo(15060)

BID - 9587

OSVDB - 3840

OSVDB - 3839

OSVDB - 3838

OSVDB - 3837

MISC - http://www.nextgenss.com/advisories/ora_numtoyminterval.txt

MISC - http://www.nextgenss.com/advisories/ora_numtodsinterval.txt

MISC - http://www.nextgenss.com/advisories/ora_from_tz.txt

CIAC - O-093

SECUNIA - 10805

MISC - http://www.nextgenss.com/advisories/ora_time_zone.txt

BUGTRAQ - 20040205 Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow


Last Updated: 27 May 2016 10:38:16