Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Oracle9i | Oracle | 9.0 (including) | 9.0 (including) |
| Oracle9i | Oracle | 9.0.1 (including) | 9.0.1 (including) |
| Oracle9i | Oracle | 9.0.1.2 (including) | 9.0.1.2 (including) |
| Oracle9i | Oracle | 9.0.1.3 (including) | 9.0.1.3 (including) |
| Oracle9i | Oracle | 9.0.2 (including) | 9.0.2 (including) |
| Oracle9i | Oracle | release_2_9.2.1 (including) | release_2_9.2.1 (including) |
| Oracle9i | Oracle | release_2_9.2.2 (including) | release_2_9.2.2 (including) |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html
- http://marc.info/?l=bugtraq\u0026m=103643298712284\u0026w=2
- http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf
- http://www.iss.net/security_center/static/10524.php
- http://www.osvdb.org/4013
- http://www.securityfocus.com/bid/6085
- http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html
- http://marc.info/?l=bugtraq\u0026m=103643298712284\u0026w=2
- http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf
- http://www.iss.net/security_center/static/10524.php
- http://www.osvdb.org/4013
- http://www.securityfocus.com/bid/6085