Vulnerability Name:

CVE-2003-0096 (CCN-11325)

Assigned:2003-02-11
Published:2003-02-11
Updated:2016-10-18
Summary:Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: VULNWATCH
Type: UNKNOWN
20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)

Source: VULNWATCH
Type: UNKNOWN
20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)

Source: VULNWATCH
Type: UNKNOWN
20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)

Source: MITRE
Type: CNA
CVE-2003-0096

Source: BUGTRAQ
Type: UNKNOWN
20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)

Source: BUGTRAQ
Type: UNKNOWN
20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)

Source: BUGTRAQ
Type: UNKNOWN
20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)

Source: CCN
Type: Oracle Security Alert #48
Buffer Overflow in Oracle9i Database Server

Source: CONFIRM
Type: UNKNOWN
http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf

Source: CONFIRM
Type: UNKNOWN
http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf

Source: CONFIRM
Type: UNKNOWN
http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf

Source: CCN
Type: CERT Advisory CA-2003-05
Multiple Vulnerabilities in Oracle Servers

Source: CERT
Type: US Government Resource
CA-2003-05

Source: CCN
Type: CIAC Information Bulletin N-046
Multiple Vulnerabilities in Oracle Servers

Source: CIAC
Type: UNKNOWN
N-046

Source: XF
Type: UNKNOWN
oracle-bfilename-directory-bo(11325)

Source: XF
Type: UNKNOWN
oracle-tzoffset-bo(11326)

Source: XF
Type: Vendor Advisory
oracle-totimestamptz-bo(11327)

Source: CCN
Type: US-CERT VU#663786
Oracle9i Database contains remotely exploitable buffer overflow in BFILENAME function

Source: CERT-VN
Type: US Government Resource
VU#663786

Source: CCN
Type: US-CERT VU#743954
Oracle9i Database contains remotely exploitable buffer overflow in TZ_OFFSET function

Source: CERT-VN
Type: US Government Resource
VU#743954

Source: CCN
Type: US-CERT VU#840666
Oracle9i Database contains remotely exploitable buffer overflow in TO_TIMESTAMP_TZ function

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#840666

Source: CCN
Type: NGSSoftware Insight Security Research Advisory #NISR16022003e
ORACLE bfilename function buffer overflow vulnerability

Source: MISC
Type: UNKNOWN
http://www.nextgenss.com/advisories/ora-bfilebo.txt

Source: MISC
Type: UNKNOWN
http://www.nextgenss.com/advisories/ora-tmstmpbo.txt

Source: MISC
Type: UNKNOWN
http://www.nextgenss.com/advisories/ora-tzofstbo.txt

Source: BID
Type: UNKNOWN
6847

Source: CCN
Type: BID-6847
Oracle Database Server TO_TIMESTAMP_TZ Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
6848

Source: CCN
Type: BID-6848
Oracle Database Server TZ_OFFSET Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
6850

Source: CCN
Type: BID-6850
Oracle Database Server DIRECTORY Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
oracle-bfilename-directory-bo(11325)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:database_server:8.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2003-0096 (CCN-11326)

    Assigned:2003-02-11
    Published:2003-02-11
    Updated:2003-02-11
    Summary:Oracle Database Servers are vulnerable to a buffer overflow in the TZ_OFFSET function, caused by improper bounds checking of user-supplied input. By supplying an overly long argument to the TZ_OFFSET function, a remote attacker could overflow a buffer and execute arbitrary commands on the server with elevated privileges.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): Single_Instance
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2003-0096

    Source: CCN
    Type: Oracle Security Alert #49
    Buffer Overflow in Oracle9i Database Server

    Source: CCN
    Type: CERT Advisory CA-2003-05
    Multiple Vulnerabilities in Oracle Servers

    Source: CCN
    Type: CIAC Information Bulletin N-046
    Multiple Vulnerabilities in Oracle Servers

    Source: CCN
    Type: US-CERT VU#663786
    Oracle9i Database contains remotely exploitable buffer overflow in BFILENAME function

    Source: CCN
    Type: US-CERT VU#743954
    Oracle9i Database contains remotely exploitable buffer overflow in TZ_OFFSET function

    Source: CCN
    Type: US-CERT VU#840666
    Oracle9i Database contains remotely exploitable buffer overflow in TO_TIMESTAMP_TZ function

    Source: CCN
    Type: NGSSoftware Insight Security Research Advisory #NISR16022003c
    Oracle TZ_OFFSET Remote System Buffer Overrun

    Source: CCN
    Type: BID-6847
    Oracle Database Server TO_TIMESTAMP_TZ Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-6848
    Oracle Database Server TZ_OFFSET Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-6850
    Oracle Database Server DIRECTORY Buffer Overflow Vulnerability

    Source: XF
    Type: UNKNOWN
    oracle-tzoffset-bo(11326)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:oracle:database_server:8.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.1.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.0.2.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2003-0096 (CCN-11327)

    Assigned:2003-02-11
    Published:2003-02-11
    Updated:2003-02-11
    Summary:Oracle Database Servers are vulnerable to a buffer overflow in the TO_TIMESTAMP_TZ function, caused by improper bounds checking of user-supplied input. By supplying an overly long argument to the TO_TIMESTAMP_TZ function, a remote attacker could overflow a buffer and execute arbitrary commands on the server with elevated privileges.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): Single_Instance
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2003-0096

    Source: CCN
    Type: Oracle Security Alert #50
    Buffer Overflow in Oracle9i Database Server

    Source: CCN
    Type: CERT Advisory CA-2003-05
    Multiple Vulnerabilities in Oracle Servers

    Source: CCN
    Type: CIAC Information Bulletin N-046
    Multiple Vulnerabilities in Oracle Servers

    Source: CCN
    Type: US-CERT VU#663786
    Oracle9i Database contains remotely exploitable buffer overflow in BFILENAME function

    Source: CCN
    Type: US-CERT VU#743954
    Oracle9i Database contains remotely exploitable buffer overflow in TZ_OFFSET function

    Source: CCN
    Type: US-CERT VU#840666
    Oracle9i Database contains remotely exploitable buffer overflow in TO_TIMESTAMP_TZ function

    Source: CCN
    Type: NGSSoftware Insight Security Research Advisory #NISR16022003b
    Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun

    Source: CCN
    Type: BID-6847
    Oracle Database Server TO_TIMESTAMP_TZ Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-6848
    Oracle Database Server TZ_OFFSET Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-6850
    Oracle Database Server DIRECTORY Buffer Overflow Vulnerability

    Source: XF
    Type: UNKNOWN
    oracle-totimestamptz-bo(11327)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:oracle:database_server:8.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.1.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.0.2.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    oracle database server 8.0.6
    oracle database server 9.2.1
    oracle database server 9.2.2
    oracle oracle8i 8.1.7
    oracle oracle8i 8.1.7.1
    oracle oracle9i 9.0
    oracle oracle9i 9.0.1
    oracle oracle9i 9.0.1.2
    oracle oracle9i 9.0.1.3
    oracle oracle9i 9.0.2
    oracle database server 8.1.7
    oracle database server 8.0.6
    oracle database server 9.0
    oracle database server 8.1.7.1
    oracle database server 9.0.2.4
    oracle database server 8.1.7
    oracle database server 8.0.6
    oracle database server 9.0
    oracle database server 8.1.7.1
    oracle database server 9.0.2.4