CVE-2002-0947 Information

Description

Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier as used in Oracle9iAS and other products allows remote attackers to execute arbitrary code via a long database name parameter.

Reference

http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0097.html http://online.securityfocus.com/archive/1/276524 http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf http://www.iss.net/security_center/static/9289.php http://www.kb.cert.org/vuls/id/997403 http://www.nextgenss.com/vna/ora-reports.txt http://www.securityfocus.com/bid/4848