Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2003-0096

Disclosure Date: March 03, 2003
CVE-2003-0096
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2003-0096 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0096)
BID-6850 (http://www.securityfocus.com/bid/6850)
BID-6847 (http://www.securityfocus.com/bid/6847)
BID-6848 (http://www.securityfocus.com/bid/6848)
Advisory
http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf
VU#743954 (http://www.kb.cert.org/vuls/id/743954)
20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b) (http://marc.info?l=bugtraq&m=104549743326864&w=2)
XF-oracle-bfilename-directory-bo(11325) (http://www.iss.net/security_center/static/11325.php)
VU#840666 (http://www.kb.cert.org/vuls/id/840666)
CA-2003-05 (http://www.cert.org/advisories/CA-2003-05.html)
http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf
XF-oracle-totimestamptz-bo(11327) (http://www.iss.net/security_center/static/11327.php)
http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf
XF-oracle-tzoffset-bo(11326) (http://www.iss.net/security_center/static/11326.php)
20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e) (http://marc.info?l=bugtraq&m=104550346303295&w=2)
VU#663786 (http://www.kb.cert.org/vuls/id/663786)
20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c) (http://marc.info?l=bugtraq&m=104549782327321&w=2)
Miscellaneous
http://www.nextgenss.com/advisories/ora-tmstmpbo.txt
20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e) (http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html)
20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c) (http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html)
N-046 (http://www.ciac.org/ciac/bulletins/n-046.shtml)
http://www.nextgenss.com/advisories/ora-bfilebo.txt
http://www.nextgenss.com/advisories/ora-tzofstbo.txt
20030217 Oracle unauthenticated remote system compromise (#NISR16022003a) (http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis