• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Oracle 9i Database Server iSQL Plus Malformed USERID Buffer Overflow Vulnerability

A buffer overflow vulnerability has been reported for Oracle 9i Database Server. The vulnerability affects iSQL *Plus which is a web based interface to the Database Server.

The vulnerability is due to improper bounds checking of the USERID parameter.

An attacker can exploit this problem to overwrite sensitive stack variables, in an effort to execute arbitrary code. Code will be executed with the privileges of the underlying web server, typically the 'oracle' user or 'SYSTEM' user in Windows operating systems.