PT-2002-1871 · Oracle · Oracle

Published: 2002-08-20 · Updated: 2016-10-18 · CVE-2002-0857

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Oracle versions 7.3.4, 8.1, 9.0, and 9.2

Description: The issue allows remote attackers to execute arbitrary code on the Oracle DBA system. This is achieved by placing format strings into certain entries in the listener.ora configuration file, which is used by the Oracle Listener Control utility (lsnrctl).

Recommendations: For Oracle versions 7.3.4, 8.1, 9.0, and 9.2, update the listener.ora configuration file to remove any format strings from the entries.
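
A minimal check for the recommendation above, as an added example (not code from Oracle or from this advisory): it scans listener.ora text for printf-style conversion specifiers so the entries containing them can be reviewed. It assumes `#` starts a comment; the function name `find_format_specs` and the sample file are constructed for illustration.

```python
import re

# printf-style conversion: %[n$][flags][width][.precision][length]conversion.
# The first alternative consumes "%%" (a literal percent) so it is never flagged.
FORMAT_SPEC = re.compile(
    r"%%|%(?:\d+\$)?[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?"
    r"(?:hh|h|ll|l|L|j|z|t)?[diouxXeEfgGcspn]"
)
PARAM_NAME = re.compile(r"([A-Za-z_][\w.]*)\s*=")

def find_format_specs(text):
    """Return (line_number, entry_name, specifier) for each hit in listener.ora text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # assumption: '#' starts a comment
        for m in FORMAT_SPEC.finditer(line):
            if m.group(0) == "%%":
                continue
            # The nearest "NAME =" to the left of the hit names the entry to review.
            names = PARAM_NAME.findall(line[: m.start()])
            findings.append((lineno, names[-1] if names else None, m.group(0)))
    return findings

# Constructed sample; where the specifiers sit is arbitrary and does not
# indicate which entries the advisory refers to.
SAMPLE = """\
# listener.ora (constructed sample) 100%d ignored in comment
LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db%08x.example.com)(PORT = 1521)))
LOG_FILE_LISTENER = listener_%s.log
TRACE_FILE_LISTENER = trace_100%%.trc
"""

if __name__ == "__main__":
    for lineno, name, spec in find_format_specs(SAMPLE):
        print(f"line {lineno}: entry {name!r} contains {spec!r}")
```

An empty result means no conversion specifiers were found in the scanned text; any hit is a line to inspect by hand before editing the file.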

Related Identifiers

CVE-2002-0857

Affected Products

Oracle