Buffer Overflow in SYS_CONTEXT() in Oracle 9i Rel.2
Name: Buffer Overflow in SYS_CONTEXT() in Oracle9i Rel.2
Systems Affected: Oracle9i Rel. 2 (Windows platform only)
Severity: Medium Risk
Category: Buffer Overflow
Vendor URL: http://www.oracle.com
Author: Alexander Kornbrust (ak at red-database-security.com)
Date: 15 Apr 2005 (V 1.01)
Any valid database user who is able to run SQL commands (e.g. via SQL*Plus) can cause a buffer overflow
by abusing the SYS_CONTEXT() function. This vulnerability affects only the Windows versions of Oracle 9i Rel. 2 (22.214.171.124 - 126.96.36.199).
Oracle 9i Rel. 1 or Oracle 10g are NOT affected.
No workarounds available.
Please see MetaLink Document ID 281189.1 for the patch download procedures and for the Patch Availability Matrix for this Oracle Security Alert.
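The scope stated above (Oracle9i Rel. 2, Windows only; 9i Rel. 1 and 10g not affected) can be applied to a database inventory as in the following added example, which is not part of the original advisory. It assumes each database's `SELECT banner FROM v$version` output has been collected; the host names and banner values are constructed, and the check does not evaluate patch level, so in-scope hosts still need to be compared against the Patch Availability Matrix.

```python
import re

# Constructed sample output of "SELECT banner FROM v$version" per host
# (host names and patch levels are made up for this example).
INVENTORY = {
    "db-win-01": [
        "Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production",
        "PL/SQL Release 9.2.0.1.0 - Production",
        "TNS for 32-bit Windows: Version 9.2.0.1.0 - Production",
    ],
    "db-lin-01": [
        "Oracle9i Enterprise Edition Release 9.2.0.4.0 - Production",
        "TNS for Linux: Version 9.2.0.4.0 - Production",
    ],
    "db-win-02": [
        "Oracle9i Enterprise Edition Release 9.0.1.1.1 - Production",
        "TNS for 32-bit Windows: Version 9.0.1.1.1 - Production",
    ],
    "db-win-03": [
        "Oracle Database 10g Enterprise Edition Release 10.1.0.2.0 - Production",
        "TNS for 32-bit Windows: Version 10.1.0.2.0 - Production",
    ],
    "db-unk-01": ["PL/SQL Release 9.2.0.1.0 - Production"],
}

RELEASE_RE = re.compile(r"Release (\d+)\.(\d+)\.")

def classify(banner_lines):
    """Return 'in-scope', 'not-affected' or 'unknown' for one database."""
    release = platform = None
    for line in banner_lines:
        if line.startswith("Oracle"):
            match = RELEASE_RE.search(line)
            if match:
                release = (int(match.group(1)), int(match.group(2)))
        elif line.startswith("TNS for "):
            platform = line[len("TNS for "):].split(":", 1)[0]
    if release is None or platform is None:
        return "unknown"  # incomplete banner set: check by hand
    # Advisory scope: Oracle9i Rel. 2 (9.2.x) on Windows only.
    if release == (9, 2) and "Windows" in platform:
        return "in-scope"
    return "not-affected"

def triage(inventory):
    """Map each host name to its classification."""
    return {host: classify(lines) for host, lines in inventory.items()}

if __name__ == "__main__":
    for host, verdict in sorted(triage(INVENTORY).items()):
        print(f"{host}: {verdict}")
```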
2 September 2003 Oracle was informed
2 September 2003 Bug confirmed
31 August 2004 Oracle published alert 68
About Red-Database-Security GmbH
Red-Database-Security GmbH is a specialist in Oracle Security.
info at red-database-security.com
(c) 2004 by Red-Database-Security GmbH