CVE-2008-1820

Name of the Vulnerable Software and Affected Versions Oracle Database versions 9.2.0.8 through 11.1.0.6

Description The issue concerns an unspecified vulnerability in the Data Pump component, related to KUPF$FILE INT, with remote attack vectors. It is reportedly associated with the SYS.KUPF$FILE INT.GET FULL FILENAME procedure, potentially involving a buffer overflow.

Recommendations For Oracle Database versions 9.2.0.8 through 11.1.0.6, consider restricting access to the SYS.KUPF$FILE INT.GET FULL FILENAME procedure as a temporary mitigation measure until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.