Buffer Overflow in TO_TIMESTAMP_TZ function of Oracle9i Database Server
February 17, 2003 [From Oracle Technology Network]
A potential security vulnerability has been discovered in the TO_TIMESTAMP_TZ function of Oracle9i Database. A knowledgeable and malicious user can exploit a buffer overflow in this function.
This potential security vulnerability is fixed in the last patchset level for each database release on all platforms. It will be available in the Oracle9i Database Release 2 v 184.108.40.206 patchset. It is available on Oracle9i Database Release 2 v 220.127.116.11, Oracle9i Database Release 1 v 18.104.22.168, on Oracle8i Database v 22.214.171.124, on Oracle8i Database v 126.96.36.199 and on Oracle8i Database v 188.8.131.52. It is available for Oracle8 Database v 8.0.6 on demand.
Download currently available patches from the Oracle Worldwide Support Services web site, Metalink (http://metalink.oracle.com).
Alert #50, Rev 2, Updated 14 February 2003
The article continues at http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf