VULHUB ™

This issue corresponds to one of the unspecified vulnerabilities mentioned in BID 10871 (Oracle Multiple Unspecified Vulnerabilities) and addressed by Oracle Alert #68. The issue is being assigned its own BID due to the release of specific technical information. Reportedly Oracle Database 9i is affected by an SQL command buffer overflow vulnerability. This issue is due to a failure of the application to properly verify user-supplied string lengths prior to copying them into finite process buffers. Successful exploitation of this issue would allow a malicious user to manipulate the memory of the affected database process. This issue will ultimately facilitate arbitrary code execution with the privileges of the affected process.

This issue corresponds to one of the unspecified vulnerabilities mentioned in BID 10871 (Oracle Multiple Unspecified Vulnerabilities) and addressed by Oracle Alert #68. The issue is being assigned its own BID due to the release of specific technical information. Reportedly Oracle Database 9i is affected by an SQL command buffer overflow vulnerability. This issue is due to a failure of the application to properly verify user-supplied string lengths prior to copying them into finite process buffers. Successful exploitation of this issue would allow a malicious user to manipulate the memory of the affected database process. This issue will ultimately facilitate arbitrary code execution with the privileges of the affected process.