Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Oracle数据库服务器BFILENAME函数远程缓冲区溢出漏洞
Vulnerability Description
Oracle Database是一款商业性质大型数据库系统。 Oracle数据库中的BFILENAME函数在处理DIRECTORY参数时缺少正确的缓冲区边界检查,远程攻击者可以利用这个漏洞对数据库进行缓冲区溢出攻击,可能以Oracle进程权限在系统上执行任意指令。 bfilename() 函数返回一个二进制大对象的指针。bfilename()在当用户提供超长DIRECOTRY参数时会发生缓冲区溢出,不过要利用这个漏洞,攻击者必须先登录到数据库服务器上,需要有合法的用户ID和密码,由于bfilename()
CVSS Information
N/A
Vulnerability Type
N/A