CVE-2004-0638

Name of the Vulnerable Software and Affected Versions Oracle 9i Database Server versions 9.0.1.4 through 9.0.1.5 Oracle 9i Database Server versions 9.2.0.3 through 9.2.0.4 Oracle 8i Database Server version 8.1.7.4

Description A buffer overflow issue exists in the KSDWRTB function within the dbms system package. This allows remote authorized users to execute arbitrary code by providing a long second argument to the ksdwrt function.

Recommendations For Oracle 9i Database Server versions 9.0.1.4 through 9.0.1.5, update to a version that includes the fix for this issue. For Oracle 9i Database Server versions 9.2.0.3 through 9.2.0.4, update to a version that includes the fix for this issue. For Oracle 8i Database Server version 8.1.7.4, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the dbms system.ksdwrt function until a patch is available.