Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument.
References
Link | Resource |
---|---|
http://www.idefense.com/application/poi/display?id=135&type=vulnerabilities&flashstatus=false | Patch Vendor Advisory |
http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html | Patch Vendor Advisory |
http://www.red-database-security.com/advisory/advisory_20040903_3.htm | Patch Vendor Advisory |
http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | Vendor Advisory |
http://www.securityfocus.com/bid/11100 | Patch |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17254 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2004-12-30 21:00
Updated : 2017-07-10 18:30
NVD link : CVE-2004-0638
Mitre link : CVE-2004-0638
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
oracle
- oracle8i
- oracle9i