Alias(es)Oracle9i.XDB.FTP.Pass.Overflow |
Release DateSep 11, 2006 |
Severitylow |
ImpactUnauthorized access to, and compromise of, the affected system. |
DescriptionIndicates an attempt to exploit of a buffer overflow vulnerability in Oracle9i 9.2 .0.1 database server.Oracle 9i has service called the Oracle XML Database or XDB that can be accessed via an HTTP based service on TCP port 8080 or an ftp based service on TCP port 2100. Multiple buffer overflow vulnerabilities are reported in it that may allow an attacker to execute arbitrary code on the vulnerable system. An attacker may send an overly long username/password to the ftp XDB service to cause a stack-based buffer overflow and execute arbitrary code on the affected system. |
Affected ProductsOracle Oracle9i 9.2 .0.1 |
Recommended ActionsUpgrade to Oracle Oracle9i 9.2 .0.4. or later |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2003-0727 |
