CVE-2003-0095

Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.

Published: Mar 3, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-0095
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
oracle / oracle9i	9.0.1	9.0.1.x
oracle / oracle9i	9.0.2	9.0.2.x
oracle / oracle9i	9.0	9.0.x
oracle / database_server	9.2.1	9.2.1.x
oracle / oracle8i	8.1.7.1	8.1.7.1.x
oracle / oracle8i	8.1.7	8.1.7.x
oracle / oracle9i	9.0.1.3	9.0.1.3.x
oracle / oracle9i	9.0.1.2	9.0.1.2.x
oracle / database_server	9.2.2	9.2.2.x
oracle / database_server	8.0.6	8.0.6.x

http://marc.info/?l=bugtraq&m=104549693426042&w=2
http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf
http://www.cert.org/advisories/CA-2003-05.html
http://www.ciac.org/ciac/bulletins/n-046.shtml
http://www.iss.net/security_center/static/11328.php
http://www.kb.cert.org/vuls/id/953746
http://www.osvdb.org/6319
http://www.securityfocus.com/bid/6849

Vulnerability Database

289,697

CVE-2003-0095