Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Oracle9i | Oracle | enterprise_9.0.1 (including) | enterprise_9.0.1 (including) |
| Oracle9i | Oracle | enterprise_9.2.0 (including) | enterprise_9.2.0 (including) |
| Oracle9i | Oracle | enterprise_9.2.0.1 (including) | enterprise_9.2.0.1 (including) |
| Oracle9i | Oracle | enterprise_9.2.0.2 (including) | enterprise_9.2.0.2 (including) |
| Oracle9i | Oracle | personal_9.0.1 (including) | personal_9.0.1 (including) |
| Oracle9i | Oracle | personal_9.2 (including) | personal_9.2 (including) |
| Oracle9i | Oracle | personal_9.2.0.1 (including) | personal_9.2.0.1 (including) |
| Oracle9i | Oracle | personal_9.2.0.2 (including) | personal_9.2.0.2 (including) |
| Oracle9i | Oracle | standard_9.0 (including) | standard_9.0 (including) |
| Oracle9i | Oracle | standard_9.0.1 (including) | standard_9.0.1 (including) |
| Oracle9i | Oracle | standard_9.0.1.2 (including) | standard_9.0.1.2 (including) |
| Oracle9i | Oracle | standard_9.0.1.3 (including) | standard_9.0.1.3 (including) |
| Oracle9i | Oracle | standard_9.0.1.4 (including) | standard_9.0.1.4 (including) |
| Oracle9i | Oracle | standard_9.0.2 (including) | standard_9.0.2 (including) |
| Oracle9i | Oracle | standard_9.2 (including) | standard_9.2 (including) |
| Oracle9i | Oracle | standard_9.2.0.1 (including) | standard_9.2.0.1 (including) |
| Oracle9i | Oracle | standard_9.2.0.2 (including) | standard_9.2.0.2 (including) |