Vulnerability Details CVE-2003-0095
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.435
EPSS Ranking 97.3%
CVSS Severity
CVSS v2 Score 10.0
References
- http://marc.info/?l=bugtraq&m=104549693426042&w=2
- http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf
- http://www.cert.org/advisories/CA-2003-05.html
- http://www.ciac.org/ciac/bulletins/n-046.shtml
- http://www.iss.net/security_center/static/11328.php
- http://www.kb.cert.org/vuls/id/953746
- http://www.osvdb.org/6319
- http://www.securityfocus.com/bid/6849
- http://marc.info/?l=bugtraq&m=104549693426042&w=2
- http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf
- http://www.cert.org/advisories/CA-2003-05.html
- http://www.ciac.org/ciac/bulletins/n-046.shtml
- http://www.iss.net/security_center/static/11328.php
- http://www.kb.cert.org/vuls/id/953746
- http://www.osvdb.org/6319
- http://www.securityfocus.com/bid/6849
Products affected by CVE-2003-0095
-
cpe:2.3:a:oracle:database_server:8.0.6
-
cpe:2.3:a:oracle:database_server:9.2.1
-
cpe:2.3:a:oracle:database_server:9.2.2
-
cpe:2.3:a:oracle:oracle8i:8.1.7
-
cpe:2.3:a:oracle:oracle8i:8.1.7.1
-
cpe:2.3:a:oracle:oracle9i:9.0
-
cpe:2.3:a:oracle:oracle9i:9.0.1
-
cpe:2.3:a:oracle:oracle9i:9.0.1.2
-
cpe:2.3:a:oracle:oracle9i:9.0.1.3
-
cpe:2.3:a:oracle:oracle9i:9.0.2