Vulnerabilities > CVE-2003-1208 - Unspecified vulnerability in Oracle Oracle9I
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN oracle
nessus
Summary
Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions.
Vulnerable Configurations
Nessus
| NASL family | Databases |
| NASL id | ORACLE_TIMEZONE_OVERFLOW.NASL |
| description | The remote Oracle Database, according to its version number, is vulnerable to a buffer overflow in the query SET TIME_ZONE. An attacker with a database account may use this flaw to gain the control on the whole database, or even to obtain a shell on this host. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 12047 |
| published | 2004-02-06 |
| reporter | This script is (C) 2004-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/12047 |
| title | Oracle Database 9i Multiple Functions Local Overflow |
References
- http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0030.html
- http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0030.html
- http://secunia.com/advisories/10805
- http://secunia.com/advisories/10805
- http://www.ciac.org/ciac/bulletins/o-093.shtml
- http://www.ciac.org/ciac/bulletins/o-093.shtml
- http://www.kb.cert.org/vuls/id/240174
- http://www.kb.cert.org/vuls/id/240174
- http://www.kb.cert.org/vuls/id/399806
- http://www.kb.cert.org/vuls/id/399806
- http://www.kb.cert.org/vuls/id/819126
- http://www.kb.cert.org/vuls/id/819126
- http://www.kb.cert.org/vuls/id/846582
- http://www.kb.cert.org/vuls/id/846582
- http://www.nextgenss.com/advisories/ora_from_tz.txt
- http://www.nextgenss.com/advisories/ora_from_tz.txt
- http://www.nextgenss.com/advisories/ora_numtodsinterval.txt
- http://www.nextgenss.com/advisories/ora_numtodsinterval.txt
- http://www.nextgenss.com/advisories/ora_numtoyminterval.txt
- http://www.nextgenss.com/advisories/ora_numtoyminterval.txt
- http://www.nextgenss.com/advisories/ora_time_zone.txt
- http://www.nextgenss.com/advisories/ora_time_zone.txt
- http://www.osvdb.org/3837
- http://www.osvdb.org/3837
- http://www.osvdb.org/3838
- http://www.osvdb.org/3838
- http://www.osvdb.org/3839
- http://www.osvdb.org/3839
- http://www.osvdb.org/3840
- http://www.osvdb.org/3840
- http://www.securityfocus.com/bid/9587
- http://www.securityfocus.com/bid/9587
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15060
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15060