Description
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.
References (6)
Core 6
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105162831008176&w=2
Third Party Advisory, US Government Resource third-party-advisory
government-resource
x_refsource_ciac
http://www.ciac.org/ciac/bulletins/n-085.shtml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11885
Patch, Vendor Advisory x_refsource_confirm
http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf
Mailing List mailing-list
x_refsource_ntbugtraq
http://marc.info/?l=ntbugtraq&m=105163376015735&w=2
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/7453
Scores
EPSS
0.1251
EPSS Percentile
94.0%
Details
CWE
CWE-119
Status
published
Products (31)
oracle/database_server
7.3.3
oracle/database_server
7.3.4
oracle/database_server
8.0.1
oracle/database_server
8.0.2
oracle/database_server
8.0.3
oracle/database_server
8.0.4
oracle/database_server
8.0.5
oracle/database_server
8.0.5.1
oracle/database_server
8.0.6
oracle/database_server
8.1.5
... and 21 more
Published
May 12, 2003
Tracked Since
Feb 18, 2026