A potential security vulnerability has been discovered in Oracle Net Services for the Oracle Database server. A knowledgeable and malicious user can cause a buffer overflow in an Oracle database link that may result in a Denial of Service (DoS) attack and/or the execution of arbitrary code against the Oracle Database server.
- Oracle9i Release 2
- Oracle9i Release 1
- Oracle8i (8.1.x - all releases)
- Oracle8 (8.0.x - all releases)
- Oracle7 Release 7.3.x
The article continues at http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf