Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=110382345829397&w=2 | Mailing List |
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | Broken Link |
http://www.kb.cert.org/vuls/id/316206 | Third Party Advisory US Government Resource |
http://www.ngssoftware.com/advisories/oracle23122004.txt | Broken Link Patch Vendor Advisory |
http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | Broken Link Patch Vendor Advisory |
http://www.securityfocus.com/bid/10871 | Broken Link Patch Third Party Advisory VDB Entry |
http://www.us-cert.gov/cas/techalerts/TA04-245A.html | Broken Link Patch Third Party Advisory US Government Resource |
https://exchange.xforce.ibmcloud.com/vulnerabilities/18659 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
02 Feb 2024, 14:01
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 9.8 |
CWE | CWE-131 | |
References | (CERT) http://www.us-cert.gov/cas/techalerts/TA04-245A.html - Broken Link, Patch, Third Party Advisory, US Government Resource | |
References | (CERT-VN) http://www.kb.cert.org/vuls/id/316206 - Third Party Advisory, US Government Resource | |
References | (BID) http://www.securityfocus.com/bid/10871 - Broken Link, Patch, Third Party Advisory, VDB Entry | |
References | (MISC) http://www.ngssoftware.com/advisories/oracle23122004.txt - Broken Link, Patch, Vendor Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/18659 - Third Party Advisory, VDB Entry | |
References | (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 - Broken Link | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=110382345829397&w=2 - Mailing List | |
References | (CONFIRM) http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf - Broken Link, Patch, Vendor Advisory | |
First Time |
Oracle database Server
|
|
CPE | cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:* |
cpe:2.3:a:oracle:database_server:9.2.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:database_server:9.0.1.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:database_server:10.1.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:database_server:9.2.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:database_server:9.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:database_server:9.0.1.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:collaboration_suite:-:*:*:*:*:*:*:* |
Information
Published : 2004-08-04 04:00
Updated : 2024-02-28 10:24
NVD link : CVE-2004-1363
Mitre link : CVE-2004-1363
CVE.ORG link : CVE-2004-1363
JSON object : View
Products Affected
oracle
- enterprise_manager_database_control
- enterprise_manager
- application_server
- database_server
- e-business_suite
- enterprise_manager_grid_control
- collaboration_suite
CWE
CWE-131
Incorrect Calculation of Buffer Size