Oracle Database 9i SQL Command Buffer Overflow Vulnerability
September 26th, 2004 by Pete
Security Focus newsletter #266 included news of the above bug. It is fixed in Oracle alert #68, but Security Focus has assigned a specific BID number, 11120, to this issue because specific technical information has been released. This is one of the undisclosed vulnerabilities in BID 10871, which Security Focus assigned to Oracle alert #68. It looks like it's the buffer overflow in the built-in function SYS_CONTEXT. Alexander Kornbrust has been credited with this vulnerability.



