CVE-2002-0965

Oracle9i - Buffer Overflow

Title source: rule

Description

Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16341

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/oracle/tns_service_name.rb

View Code ZIP pw:eip

References (6)

[Patch, Vendor Advisory] http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf

[US Government Resource] http://www.kb.cert.org/vuls/id/630091

[Patch, Vendor Advisory] http://www.securityfocus.com/bid/4845

[Third Party Advisory, VDB Entry] http://online.securityfocus.com/archive/1/276526

[Third Party Advisory] http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0096.html

[Third Party Advisory] http://www.iss.net/security_center/static/9288.php

Scores

EPSS 0.7358

EPSS Percentile 98.8%

Details

Status published

Products (3)

oracle/oracle9i 9.0

oracle/oracle9i 9.0.1

oracle/oracle9i 9.0.2

Published Oct 04, 2002

Tracked Since Feb 18, 2026