Oracle Plugs Three Security Holes
July 25, 2003[From internetnews.com]
The most serious issue was detected in the Oracle Applications Web Report Review (FNDWRR) program, which is implemented as a CGI. In an advisory, Oracle said a buffer overflow exists in the FNDWRR program that could allow an attacker to gain control of the process and execute arbitrary code on the server.
"This buffer overflow can be remotely exploited using a web browser and an overly long URL," the company said, urging users to apply the required patches immediately. Affected software include the Oracle E-Business Suite 11i and Oracle Applications 10.x through 11i.
In a separate warning, Oracle said research firm NGS Software found a buffer overflow vulnerability in the Oracle 8i and 9i database server products.
The article continues at http://www.internetnews.com/dev-news/article.php/2240411