Buffer Overflows in EXTPROC of Oracle Database Server

July 23, 2003

[From Oracle Technology Network]

Potential security vulnerabilities have been discovered in the EXTPROC executable of the Oracle Database. A knowledgeable and malicious user can potentially execute arbitrary code against the Oracle database by exploiting buffer overflows in this executable.

Products Affected

  • Oracle9i Release 2
  • Oracle9i Release 1
  • Oracle8i (8.1.x - all releases)

Required conditions for exploit

Database authenticated user (i.e., valid login required) with the CREATE LIBRARY or the CREATE ANY LIBRARY privilege.
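
To see which accounts meet the condition above, a DBA can audit the data dictionary. The queries below are an added example, not part of the Oracle alert. They assume a session that can read the DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_LIBRARIES views and a release that accepts CONNECT BY over DBA_ROLE_PRIVS.

```sql
-- 1. Users and roles granted either privilege directly.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege IN ('CREATE LIBRARY', 'CREATE ANY LIBRARY')
ORDER  BY grantee, privilege;

-- 2. Users and roles that inherit either privilege through role grants,
--    including roles nested inside other roles. The walk starts at every
--    role that holds the privilege directly and follows each grant of
--    that role outward to its grantees.
SELECT DISTINCT rp.grantee, rp.granted_role
FROM   dba_role_privs rp
START  WITH rp.granted_role IN (
           SELECT sp.grantee
           FROM   dba_sys_privs sp
           WHERE  sp.privilege IN ('CREATE LIBRARY', 'CREATE ANY LIBRARY'))
CONNECT BY PRIOR rp.grantee = rp.granted_role
ORDER  BY rp.grantee, rp.granted_role;

-- 3. Library objects that already exist, with the file each one points to.
--    Entries owned by accounts that should not hold the privilege are the
--    first ones to review.
SELECT owner, library_name, file_spec, status
FROM   dba_libraries
ORDER  BY owner, library_name;
```

Grantees from queries 1 and 2 that have no need to define external libraries are candidates for REVOKE CREATE LIBRARY or REVOKE CREATE ANY LIBRARY.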

The article continues at http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf