CVE-2003-0095

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 8.0.6 through 9i

Description A buffer overflow issue exists in the ORACLE.EXE component, allowing remote attackers to execute arbitrary code by providing a long username during the login process. This can be exploited through client applications that handle their own authentication, as shown using the LOADPSP method.

Recommendations For Oracle Database Server versions 8.0.6 through 9i, consider restricting access to the authentication mechanism to minimize the risk of exploitation until a fix is available. As a temporary workaround, limit the length of the username parameter to prevent buffer overflow.