CVE-2003-0095

Oracle Database Server 9i, 8i, 8.1.7, 8.0.6 - Remote Code Execution via Long Username

Title source: llm
STIX 2.1

Description

Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.

References (8)

Core 8
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104549693426042&w=2
Patch, Vendor Advisory x_refsource_confirm
http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/11328.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/6319
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2003-05.html
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/n-046.shtml
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6849
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/953746

Scores

EPSS 0.1311
EPSS Percentile 95.9%

Details

CWE
CWE-119
Status published
Products (10)
oracle/database_server 8.0.6
oracle/database_server 9.2.1
oracle/database_server 9.2.2
oracle/oracle8i 8.1.7
oracle/oracle8i 8.1.7.1
oracle/oracle9i 9.0
oracle/oracle9i 9.0.1
oracle/oracle9i 9.0.1.2
oracle/oracle9i 9.0.1.3
oracle/oracle9i 9.0.2
Published Mar 03, 2003
Tracked Since Feb 18, 2026