Multiple Oracle Database Parameter/Statement Buffer Overflow Vulnerabilities

Oracle database has been reported prone to multiple buffer overflow vulnerabilities when processing certain parameters and functions. Specifically the TIME_ZONE parameter, NUMTOYMINTERVAL, NUMTODSINTERVAL and FROM_TZ functions. Excessive data passed to any of the aforementioned parameters/statements may potentially overrun the bounds of a buffer in stack-based memory. This may result in the corruption of memory adjacent to the affected buffer, and ultimately may provide for arbitrary code execution.


Privacy Statement
Copyright 2010, SecurityFocus