Description
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.
Affected products
- oracle / oracle9i9.0 – 9.0
- oracle / oracle9i9.0.1 – 9.0.1
- oracle / oracle9i9.0.2 – 9.0.2
References
- MISChttp://www.kb.cert.org/vuls/id/630091
- VENDOR_ADVISORYhttp://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf
- MISChttp://www.securityfocus.com/bid/4845
- MISChttp://online.securityfocus.com/archive/1/276526
- MISChttp://www.iss.net/security_center/static/9288.php
- MISChttp://archives.neohapsis.com/archives/vulnwatch/2002-q2/0096.html