Potential security vulnerabilities have been discovered in the EXTPROC executable of the Oracle Database. A knowledgeable and malicious user can potentially execute arbitrary code against the Oracle database by exploiting buffer overflows in this executable.
- Oracle9i Release 2
- Oracle9i Release 1
- Oracle8i (8.1.x - all releases)
Required conditions for exploit
Database authenticated user (i.e., valid login required) with the CREATE LIBRARY or the CREATE ANY LIBRARY privilege.
The article continues at http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf