Oracle Database Server DIRECTORY Buffer Overflow Vulnerability

Oracle has announced a vulnerability in the Oracle 9i Database Server. This issue affects Oracle 9i Release 2 and earlier.

It has been reported that a buffer overflow condition may occur in the BFILENAME function when it is called with malicious arguments. This issue likely occurs due to insufficient bounds checking on user-supplied input.

As this issue allows a user to overwrite memory, it may be possible for an attacker to exploit this vulnerability to execute commands.
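A defensive check that follows from the description above, as an added example that is not part of the original advisory: it scans SQL statements (for instance from audit or application logs) for BFILENAME calls whose string-literal arguments are longer than a legitimate call would need. The length caps, the function names and the sample statements are assumptions constructed for illustration.

```python
import re

# Assumption: 30 characters, the identifier limit in Oracle 9i, is the longest
# directory-object name a legitimate BFILENAME call would pass.
MAX_DIR_LEN = 30
# Assumption: cap for the filename argument; tune to local usage.
MAX_FILE_LEN = 255
CAPS = (MAX_DIR_LEN, MAX_FILE_LEN)

CALL = re.compile(r"\bBFILENAME\s*\(", re.IGNORECASE)
# SQL string literal; '' is an escaped quote. A literal cut off by log
# truncation is accepted up to the end of the statement so it is still measured.
LITERAL = re.compile(r"'((?:[^']|'')*)(?:'|$)")


def literal_args(sql, start):
    """Return (arg_index, text) for top-level string literals of one call."""
    args, depth, pos, index = [], 1, start, 0
    while pos < len(sql) and depth:
        m = LITERAL.match(sql, pos)
        if m:
            if depth == 1:  # literals inside nested calls are not measured
                args.append((index, m.group(1).replace("''", "'")))
            pos = m.end()
            continue
        ch = sql[pos]
        depth += {"(": 1, ")": -1}.get(ch, 0)
        index += ch == "," and depth == 1  # next argument of this call
        pos += 1
    return args


def suspicious_calls(statements):
    """Return (statement_no, arg_index, length) for each overlong argument."""
    hits = []
    for no, sql in enumerate(statements, 1):
        for call in CALL.finditer(sql):
            for idx, arg in literal_args(sql, call.end()):
                if idx < len(CAPS) and len(arg) > CAPS[idx]:
                    hits.append((no, idx, len(arg)))
    return hits


# Constructed sample statements, not taken from any real log.
SAMPLE = [
    "SELECT BFILENAME('DOC_DIR', 'report.pdf') FROM dual",
    "select bfilename ( '" + "X" * 64 + "', 'x.txt') from dual",
    "INSERT INTO t VALUES (1, BFILENAME('IMG', 'it''s.png'))",
]
```

Arguments supplied as bind variables or built by nested expressions are not visible to this check; those calls need review at the application layer.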


 

Copyright 2010, SecurityFocus