Buffer Overflow in Oracle Database Server - 19 Feb 2003
A vulnerability in Oracle Database Server can result in remote compromise of the vulnerable server. This vulnerability stems from an overflow in the database server's authentication process.
February 18, 2003
Reported February 17, 2003, byNGSSoftware.
VERSIONS AFFECTED
Oracle Database Server
DESCRIPTION
Avulnerability in Oracle Database Server can result in remote compromise of thevulnerable server. This vulnerability stems from an overflow in the databaseserver's authentication process. By supplying an overly long username whenattempting to log on to the database server, an attacker can overflow astack-based buffer, thereby overwriting the saved return address. Any arbitrarycode that the attacker supplies would execute with the same privileges as theuser running the service. For more details about this vulnerability, see thediscoverer’s website .
VENDOR RESPONSE
Oracle has released an alert regarding this vulnerability.
CREDIT
Discoveredby NGSSoftware .
About the Author
You May Also Like