Buffer Overflow in Oracle Net Services for Oracle Database Server

April 29, 2003

[From Oracle Technology Network]

A potential security vulnerability has been discovered in Oracle Net Services for the Oracle Database server. A knowledgeable and malicious user can cause a buffer overflow in an Oracle database link that may result in a Denial of Service (DoS) attack and/or the execution of arbitrary code against the Oracle Database server.

Products Affected

  • Oracle9i Release 2
  • Oracle9i Release 1
  • Oracle8i (8.1.x - all releases)
  • Oracle8 (8.0.x - all releases)
  • Oracle7 Release 7.3.x

The article continues at http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf