CVE-2003-0096

Current Description

Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.

Basic Data

PublishedMarch 03, 2003
Last ModifiedOctober 18, 2016
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-119
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score9.0
SeverityHIGH
Exploitability Score8.0
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationOracleDatabase Server8.0.6*******
    2.3ApplicationOracleDatabase Server9.2.1*******
    2.3ApplicationOracleDatabase Server9.2.2*******
    2.3ApplicationOracleOracle8i8.1.7*******
    2.3ApplicationOracleOracle8i8.1.7.1*******
    2.3ApplicationOracleOracle9i9.0*******
    2.3ApplicationOracleOracle9i9.0.1*******
    2.3ApplicationOracleOracle9i9.0.1.2*******
    2.3ApplicationOracleOracle9i9.0.1.3*******
    2.3ApplicationOracleOracle9i9.0.2*******

Vulnerable Software List

VendorProductVersions
Oracle Database Server 8.0.6, 9.2.1, 9.2.2
Oracle Oracle9i 9.0, 9.0.1, 9.0.1.2, 9.0.1.3, 9.0.2
Oracle Oracle8i 8.1.7, 8.1.7.1

References

NameSourceURLTags
20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.htmlVULNWATCH
20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.htmlVULNWATCH
20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.htmlVULNWATCH
20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)http://marc.info/?l=bugtraq&m=104549743326864&w=2BUGTRAQ
20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)http://marc.info/?l=bugtraq&m=104549782327321&w=2BUGTRAQ
20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)http://marc.info/?l=bugtraq&m=104550346303295&w=2BUGTRAQ
http://otn.oracle.com/deploy/security/pdf/2003alert48.pdfhttp://otn.oracle.com/deploy/security/pdf/2003alert48.pdfCONFIRM
http://otn.oracle.com/deploy/security/pdf/2003alert49.pdfhttp://otn.oracle.com/deploy/security/pdf/2003alert49.pdfCONFIRM
http://otn.oracle.com/deploy/security/pdf/2003alert50.pdfhttp://otn.oracle.com/deploy/security/pdf/2003alert50.pdfCONFIRM
CA-2003-05http://www.cert.org/advisories/CA-2003-05.htmlCERTUS Government Resource
N-046http://www.ciac.org/ciac/bulletins/n-046.shtmlCIAC
oracle-bfilename-directory-bo(11325)http://www.iss.net/security_center/static/11325.phpXF
oracle-tzoffset-bo(11326)http://www.iss.net/security_center/static/11326.phpXF
oracle-totimestamptz-bo(11327)http://www.iss.net/security_center/static/11327.phpXFVendor Advisory
VU#663786http://www.kb.cert.org/vuls/id/663786CERT-VNUS Government Resource
VU#743954http://www.kb.cert.org/vuls/id/743954CERT-VNUS Government Resource
VU#840666http://www.kb.cert.org/vuls/id/840666CERT-VNThird Party Advisory US Government Resource
http://www.nextgenss.com/advisories/ora-bfilebo.txthttp://www.nextgenss.com/advisories/ora-bfilebo.txtMISC
http://www.nextgenss.com/advisories/ora-tmstmpbo.txthttp://www.nextgenss.com/advisories/ora-tmstmpbo.txtMISC
http://www.nextgenss.com/advisories/ora-tzofstbo.txthttp://www.nextgenss.com/advisories/ora-tzofstbo.txtMISC
6847http://www.securityfocus.com/bid/6847BID
6848http://www.securityfocus.com/bid/6848BID
6850http://www.securityfocus.com/bid/6850BID