CVE-2002-0857

Name of the Vulnerable Software and Affected Versions: Oracle versions 7.3.4, 8.1, 9.0, and 9.2

Description: The issue allows remote attackers to execute arbitrary code on the Oracle DBA system. This is achieved by placing format strings into certain entries in the listener.ora configuration file, which is used by the Oracle Listener Control utility (lsnrctl).

Recommendations: For Oracle version 7.3.4, update the listener.ora configuration file to remove any format strings from the entries. For Oracle version 8.1, update the listener.ora configuration file to remove any format strings from the entries. For Oracle version 9.0, update the listener.ora configuration file to remove any format strings from the entries. For Oracle version 9.2, update the listener.ora configuration file to remove any format strings from the entries.