[From Oracle Technology Network
A potential security vulnerability has been discovered in the TO_TIMESTAMP_TZ function of
Oracle9i Database. A knowledgeable and malicious user can exploit a buffer overflow in this
This potential security vulnerability is fixed in the last patchset level for each database release on
all platforms. It will be available in the Oracle9i Database Release 2 v 220.127.116.11 patchset. It is
available on Oracle9i Database Release 2 v 18.104.22.168, Oracle9i Database Release 1 v 22.214.171.124, on
Oracle8i Database v 126.96.36.199, on Oracle8i Database v 188.8.131.52 and on Oracle8i Database v 184.108.40.206.
It is available for Oracle8 Database v 8.0.6 on demand.
Download currently available patches from Oracle Worldwide Support Services web site, Metalink
Alert #50, Rev 2, Updated 14 February 2003
Patches are available on Metalink.
The article continues at