CVE-2003-0095 Information

Description

Buffer overflow in ORACLE.EXE for Oracle Database Server 9i 8i 8.1.7 and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login as exploitable through client applications that perform their own authentication as demonstrated using LOADPSP.

Reference

http://marc.info/?l=bugtraq&m=104549693426042&w=2 http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf http://www.cert.org/advisories/CA-2003-05.html http://www.ciac.org/ciac/bulletins/n-046.shtml http://www.iss.net/security_center/static/11328.php http://www.kb.cert.org/vuls/id/953746 http://www.osvdb.org/6319 http://www.securityfocus.com/bid/6849