CVE-2014-6567

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 11.1.0.7 through 11.2.0.4 Oracle Database Server versions 12.1.0.1 through 12.1.0.2

Description The issue affects confidentiality, integrity, and availability. It may be related to a stack-based buffer overflow in DBMS AW.EXECUTE, potentially allowing code execution via a long Current Directory Alias (CDA) command. Remote attackers may be able to bypass security restrictions, execute arbitrary SQL commands, and gain access to sensitive data.

Recommendations For Oracle Database Server versions 11.1.0.7 through 11.2.0.4, update to a version that is not affected by this issue. For Oracle Database Server versions 12.1.0.1 through 12.1.0.2, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the DBMS AW.EXECUTE function and limiting the length of the Current Directory Alias (CDA) command to prevent potential code execution.