CVE-2002-0965

Name of the Vulnerable Software and Affected Versions: Oracle 9i Database Server version Oracle 8 on VM version

Description: A buffer overflow issue exists in the TNS Listener, allowing local users to execute arbitrary code via a long SERVICE NAME parameter. This parameter is not properly handled when writing an error message to a log file.

Recommendations: For Oracle 9i Database Server, update the TNS Listener to properly handle the SERVICE NAME parameter to prevent buffer overflow. For Oracle 8 on VM, restrict access to the TNS Listener to minimize the risk of exploitation until a proper fix is applied. As a temporary workaround, consider restricting the length of the SERVICE NAME parameter to prevent buffer overflow until a patch is available.