Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 8.5
CVE Id CVE-2004-0638
Last Modified 05 Sep 2008 12:00:00
Published 31 Dec 2004 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2004-0638

Summary

Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4 allows remote authorized users to execute arbitrary code via a long second argument.

Vulnerable Systems

Application

  • Oracle8i Enterprise 8.1.7.4

  • Oracle8i Standard 8.1.7.4

  • Oracle9i Enterprise 9.0.1.4

  • Oracle9i Enterprise 9.0.1.5

  • Oracle9i Enterprise 9.2.0.3

  • Oracle9i Enterprise 9.2.0.4

  • Oracle9i Personal 9.0.1.4

  • Oracle9i Personal 9.0.1.5

  • Oracle9i Personal 9.2.0.3

  • Oracle9i Personal 9.2.0.4

  • Oracle9i Standard 9.0.1.4

  • Oracle9i Standard 9.0.1.5

  • Oracle9i Standard 9.2.0.3

  • Oracle9i Standard 9.2.0.4


References

XF - oracle-dbmssystem-bo(17254)

BID - 11100

MISC - http://www.red-database-security.com/advisory/advisory_20040903_3.htm

IDEFENSE - 20040902 Oracle Database Server dbms_system.ksdwrt Buffer Overflow Vulnerability

FULLDISC - 20040905 Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i

CONFIRM - http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf


Last Updated: 27 May 2016 10:38:42