PT-2003-1364 · Oracle · Oracle Database

Mark Litchfield

·

Published

2003-02-21

·

Updated

2016-10-18

·

CVE-2003-0096

CVSS v2.0

9.0

High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Oracle Database versions 8.0.6, 8.1.7, 9i Release 1, and 9i Release 2

Description

Multiple buffer overflows allow remote attackers to execute arbitrary code. They can be triggered through a long conversion string argument to the TO_TIMESTAMP_TZ function, a long time zone argument to the TZ_OFFSET function, or a long DIRECTORY parameter to the BFILENAME function.

Recommendations

For Oracle Database versions 8.0.6, 8.1.7, 9i Release 1, and 9i Release 2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the TO_TIMESTAMP_TZ, TZ_OFFSET, and BFILENAME functions until a patch is available.

Fix

RCE

Buffer Overflow


Weakness Enumeration

Related identifiers

CVE-2003-0096

Affected products

Oracle Database