Database Journal

Posted Nov 5, 2002

Oracle9i Database Buffer Overflow Vulnerability in iSQL*Plus

By Forrest Stroud

A potential buffer overflow security vulnerability has been discovered in the iSQL*Plus component of Oracle9i Database. All versions of Oracle9i, including the recently released Oracle9i Database Release 2, are susceptible to the vulnerability. Oracle has issued a severity level of 2 for this vulnerability.

A malicious user could take advantage of the vulnerability by passing a USERID parameter that may cause a remote buffer overflow in iSQL*Plus. SQL*Plus is not affected.

Future releases of Oracle Database will contain the fix by default, and patches are available from the Oracle Worldwide Support Services web site for current releases (accessible using Bug Number 2581911).

Credit goes to David Litchfield of Next Generation Security Software Limited for discovering the potential security vulnerability and bringing it to Oracle's attention.

Additional information on the vulnerability and download links for the patch are available at http://otn.oracle.com/deploy/security/pdf/2002alert46rev1.pdf.
