CVE-2003-1208

Name of the Vulnerable Software and Affected Versions Oracle 9i versions prior to 9.2.0.3

Description The issue allows local users to execute arbitrary code due to multiple buffer overflows. This can be achieved by setting the TIME ZONE session parameter to a long value or by providing long parameters to the NUMTOYMINTERVAL, NUMTODSINTERVAL, or FROM TZ functions.

Recommendations For Oracle 9i versions prior to 9.2.0.3, update to version 9.2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting the ability to set the TIME ZONE session parameter and limiting input to the NUMTOYMINTERVAL, NUMTODSINTERVAL, and FROM TZ functions to prevent exploitation.