CVE - CVE-2003-0096

CVE-ID
CVE-2003-0096	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:6847 URL:http://www.securityfocus.com/bid/6847 BID:6848 URL:http://www.securityfocus.com/bid/6848 BID:6850 URL:http://www.securityfocus.com/bid/6850 BUGTRAQ:20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b) URL:http://marc.info/?l=bugtraq&m=104549743326864&w=2 BUGTRAQ:20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c) URL:http://marc.info/?l=bugtraq&m=104549782327321&w=2 BUGTRAQ:20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e) URL:http://marc.info/?l=bugtraq&m=104550346303295&w=2 CERT:CA-2003-05 URL:http://www.cert.org/advisories/CA-2003-05.html CERT-VN:VU#663786 URL:http://www.kb.cert.org/vuls/id/663786 CERT-VN:VU#743954 URL:http://www.kb.cert.org/vuls/id/743954 CERT-VN:VU#840666 URL:http://www.kb.cert.org/vuls/id/840666 CIAC:N-046 URL:http://www.ciac.org/ciac/bulletins/n-046.shtml CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf MISC:http://www.nextgenss.com/advisories/ora-bfilebo.txt MISC:http://www.nextgenss.com/advisories/ora-tmstmpbo.txt MISC:http://www.nextgenss.com/advisories/ora-tzofstbo.txt VULNWATCH:20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c) URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html VULNWATCH:20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e) URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html VULNWATCH:20030217 Oracle unauthenticated remote system compromise (#NISR16022003a) URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html XF:oracle-bfilename-directory-bo(11325) URL:~~http://www.iss.net/security_center/static/11325.php~~ (Obsolete source - check if archived by the Wayback Machine) XF:oracle-totimestamptz-bo(11327) URL:~~http://www.iss.net/security_center/static/11327.php~~ (Obsolete source - check if archived by the Wayback Machine) XF:oracle-tzoffset-bo(11326) URL:~~http://www.iss.net/security_center/static/11326.php~~ (Obsolete source - check if archived by the Wayback Machine)
Assigning CNA
MITRE Corporation
Date Record Created
20030218	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20071016)
Votes (Legacy)
ACCEPT(4) Baker, Cole, Frech, Wall NOOP(2) Christey, Cox
Comments (Legacy)
Christey> Modify the description to omit 8.0.6, as the Oracle advisory does not list it. (However, NGSSoftware does, perhaps as the result of a typo or cut-and-paste error in their advisory). CIAC:N-046 URL:http://www.ciac.org/ciac/bulletins/n-046.shtml BID:6850 URL:http://www.securityfocus.com/bid/6850 BID:6847 URL:http://www.securityfocus.com/bid/6847 BID:6848 URL:http://www.securityfocus.com/bid/6848 MISC:http://www.nextgenss.com/advisories/ora-bfilebo.txt MISC:http://www.nextgenss.com/advisories/ora-tzofstbo.txt MISC:http://www.nextgenss.com/advisories/ora-tmstmpbo.txt
Proposed (Legacy)
20030317
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)