CVE-2004-0638
Oracle 8i 8.1.7.4 and 9i 9.0.1.4-9.0.1.5 and 9.2.0.3-9.2.0.4 - Authenticated Buffer Overflow in KSDWRTB Function
Title source: llmDescription
Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17254
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
Patch, Vendor Advisory third-party-advisory
x_refsource_idefense
http://www.idefense.com/application/poi/display?id=135&type=vulnerabilities&flashstatus=false
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11100
Patch, Vendor Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html
Patch, Vendor Advisory x_refsource_misc
http://www.red-database-security.com/advisory/advisory_20040903_3.htm
Scores
EPSS
0.0663
EPSS Percentile
93.1%
Details
CWE
CWE-119
Status
published
Products (14)
oracle/oracle8i
enterprise_8.1.7.4
oracle/oracle8i
standard_8.1.7.4
oracle/oracle9i
enterprise_9.0.1.4
oracle/oracle9i
enterprise_9.0.1.5
oracle/oracle9i
enterprise_9.2.0.3
oracle/oracle9i
enterprise_9.2.0.4
oracle/oracle9i
personal_9.0.1.4
oracle/oracle9i
personal_9.0.1.5
oracle/oracle9i
personal_9.2.0.3
oracle/oracle9i
personal_9.2.0.4
... and 4 more
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026