| Vulnerability Name: | CVE-2003-1208 (CCN-15060) | ||||||||
| Assigned: | 2004-02-05 | ||||||||
| Published: | 2004-02-05 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions. This was fixed in Oracle 9i Database Release 2, version 9.2.0.3. | ||||||||
| CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: BUGTRAQ Type: Exploit, Vendor Advisory 20040205 Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow Source: CCN Type: VulnWatch Mailing List, Thu Feb 05 2004 - 14:15:57 CST Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow Source: MITRE Type: CNA CVE-2003-1208 Source: CCN Type: Oracle MetaLink Web site Oracle Corporation - OracleMetaLink Source: CCN Type: SA10805 Oracle9i Database Multiple Buffer Overflow Vulnerabilities Source: SECUNIA Type: Exploit, Patch 10805 Source: CCN Type: CIAC Information Bulletin O-093 Oracle9i Database Buffer Overflow Vulnerabilities Source: CIAC Type: Patch, Vendor Advisory O-093 Source: CCN Type: US-CERT VU#240174 Oracle9i Database contains buffer overflow in TIME_ZONE session parameter Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource VU#240174 Source: CCN Type: US-CERT VU#399806 Oracle9i Database contains buffer overflow in FROM_TZ() function Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource VU#399806 Source: CCN Type: US-CERT VU#819126 Oracle9i Database contains buffer overflow in NUMTOYMINTERVAL() function Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource VU#819126 Source: CCN Type: US-CERT VU#846582 Oracle9i Database contains buffer overflow in NUMTODSINTERVAL() function Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource VU#846582 Source: MISC Type: Exploit, Patch http://www.nextgenss.com/advisories/ora_from_tz.txt Source: MISC Type: Exploit, Patch http://www.nextgenss.com/advisories/ora_numtodsinterval.txt Source: CCN Type: NGSSoftware Insight Security Research Advisory #NISR12122003d Oracle NUMTOYMINTERVAL Remote System Overflow Source: MISC Type: Exploit, Patch http://www.nextgenss.com/advisories/ora_numtoyminterval.txt Source: CCN Type: NGSSoftware Insight Security Research Advisory #NISR12122003e Oracle TIME_ZONE Remote System Buffer Overrun Source: MISC Type: Exploit http://www.nextgenss.com/advisories/ora_time_zone.txt Source: OSVDB Type: Exploit, Patch, Vendor Advisory 3837 Source: OSVDB Type: Exploit, Patch, Vendor Advisory 3838 Source: OSVDB Type: Exploit, Patch, Vendor Advisory 3839 Source: OSVDB Type: Exploit, Patch, Vendor Advisory 3840 Source: CCN Type: OSVDB ID: 3837 Oracle Database NUMTOYMINTERVAL Function Local Overflow Source: CCN Type: OSVDB ID: 3838 Oracle Database NUMTODSINTERVAL Function Local Overflow Source: CCN Type: OSVDB ID: 3839 Oracle Database FROM_TZ Function Local Overflow Source: CCN Type: OSVDB ID: 3840 Oracle Database TIME_ZONE Function Local Overflow Source: BID Type: Exploit, Patch, Vendor Advisory 9587 Source: CCN Type: BID-9587 Multiple Oracle Database Parameter/Statement Buffer Overflow Vulnerabilities Source: XF Type: UNKNOWN oracle-multiple-function-bo(15060) Source: XF Type: UNKNOWN oracle-multiple-function-bo(15060) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||