Vulnerabilities > CVE-2003-1208 - Buffer Overflow vulnerability in Multiple Oracle Database Parameter/Statement

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
oracle
critical
nessus

Summary

Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions. This was fixed in Oracle 9i Database Release 2, version 9.2.0.3.

Nessus

NASL familyDatabases
NASL idORACLE_TIMEZONE_OVERFLOW.NASL
descriptionThe remote Oracle Database, according to its version number, is vulnerable to a buffer overflow in the query SET TIME_ZONE. An attacker with a database account may use this flaw to gain the control on the whole database, or even to obtain a shell on this host.
last seen2020-06-01
modified2020-06-02
plugin id12047
published2004-02-06
reporterThis script is (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/12047
titleOracle Database 9i Multiple Functions Local Overflow