Oracle Database Server Remote username Overflow

2003-02-16T00:00:00
ID OSVDB:6319
Type osvdb
Reporter Mark Litchfield (mark@ngssoftware.com)
Modified 2003-02-16T00:00:00

Description

Vulnerability Description

A remote overflow exists in Oracle Database Server. The authentication process fails to perform proper bounds checking, resulting in a buffer overflow. By sending an overly long username during login, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch to address this vulnerability.

References:

Vendor URL: http://www.oracle.com/
Vendor Specific Advisory URL
Secunia Advisory ID: 7443
Other Advisory URL: http://www.nextgenss.com/advisories/ora-unauthrm.txt
Other Advisory URL: http://www.appsecinc.com/resources/alerts/oracle/2003-0001.html
Keyword: #NISR16022003a
ISS X-Force ID: 11328
CVE-2003-0095
CIAC Advisory: n-046
CERT VU: 953746
CERT: CA-2003-05
Bugtraq ID: 6849