CVE-2004-1363: Buffer Overflow
First published: Wed Aug 04 2004(Updated: )
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Application Server | ||
| Oracle Application Server | =9.0.2 | |
| Oracle Application Server | =9.0.2.0.0 | |
| Oracle Application Server | =9.0.2.0.1 | |
| Oracle Application Server | =9.0.2.1 | |
| Oracle Application Server | =9.0.2.2 | |
| Oracle Application Server | =9.0.2.3 | |
| Oracle Application Server | =9.0.3 | |
| Oracle Application Server | =9.0.3.1 | |
| Oracle Application Server | =9.0.4 | |
| Oracle Application Server | =9.0.4.0 | |
| Oracle Application Server | =9.0.4.1 | |
| Oracle Collaboration Suite | =release_1 | |
| Oracle E-Business Suite | =11.5.1 | |
| Oracle E-Business Suite | =11.5.2 | |
| Oracle E-Business Suite | =11.5.3 | |
| Oracle E-Business Suite | =11.5.4 | |
| Oracle E-Business Suite | =11.5.5 | |
| Oracle E-Business Suite | =11.5.6 | |
| Oracle E-Business Suite | =11.5.7 | |
| Oracle E-Business Suite | =11.5.8 | |
| Oracle E-Business Suite | =11.5.9 | |
| Oracle Enterprise Manager | =9 | |
| Oracle Enterprise Manager | =9.0.1 | |
| Oracle Enterprise Manager Database Control | =10.1.2 | |
| Oracle Enterprise Manager Grid Control | =10.1.0.2 | |
| Oracle Oracle10g | =enterprise_9.0.4_.0 | |
| Oracle Oracle10g | =enterprise_10.1.0.2 | |
| Oracle Oracle10g | =personal_9.0.4_.0 | |
| Oracle Oracle10g | =personal_10.1_.0.2 | |
| Oracle Oracle10g | =standard_9.0.4_.0 | |
| Oracle Oracle10g | =standard_10.1_.0.2 | |
| Oracle Oracle8i | =enterprise_8.0.5_.0.0 | |
| Oracle Oracle8i | =enterprise_8.0.6_.0.0 | |
| Oracle Oracle8i | =enterprise_8.0.6_.0.1 | |
| Oracle Oracle8i | =enterprise_8.1.5_.0.0 | |
| Oracle Oracle8i | =enterprise_8.1.5_.0.2 | |
| Oracle Oracle8i | =enterprise_8.1.5_.1.0 | |
| Oracle Oracle8i | =enterprise_8.1.6_.0.0 | |
| Oracle Oracle8i | =enterprise_8.1.6_.1.0 | |
| Oracle Oracle8i | =enterprise_8.1.7_.0.0 | |
| Oracle Oracle8i | =enterprise_8.1.7_.1.0 | |
| Oracle Oracle8i | =enterprise_8.1.7_.4 | |
| Oracle Oracle8i | =standard_8.0.6 | |
| Oracle Oracle8i | =standard_8.0.6_.3 | |
| Oracle Oracle8i | =standard_8.1.5 | |
| Oracle Oracle8i | =standard_8.1.6 | |
| Oracle Oracle8i | =standard_8.1.7 | |
| Oracle Oracle8i | =standard_8.1.7_.0.0 | |
| Oracle Oracle8i | =standard_8.1.7_.1 | |
| Oracle Oracle8i | =standard_8.1.7_.4 | |
| Oracle Oracle9i | =client_9.2.0.1 | |
| Oracle Oracle9i | =client_9.2.0.2 | |
| Oracle Oracle9i | =enterprise_8.1.7 | |
| Oracle Oracle9i | =enterprise_9.0.1 | |
| Oracle Oracle9i | =enterprise_9.0.1.4 | |
| Oracle Oracle9i | =enterprise_9.0.1.5 | |
| Oracle Oracle9i | =enterprise_9.2.0 | |
| Oracle Oracle9i | =enterprise_9.2.0.1 | |
| Oracle Oracle9i | =enterprise_9.2.0.2 | |
| Oracle Oracle9i | =enterprise_9.2.0.3 | |
| Oracle Oracle9i | =enterprise_9.2.0.4 | |
| Oracle Oracle9i | =enterprise_9.2.0.5 | |
| Oracle Oracle9i | =personal_8.1.7 | |
| Oracle Oracle9i | =personal_9.0.1 | |
| Oracle Oracle9i | =personal_9.0.1.4 | |
| Oracle Oracle9i | =personal_9.0.1.5 | |
| Oracle Oracle9i | =personal_9.2 | |
| Oracle Oracle9i | =personal_9.2.0.1 | |
| Oracle Oracle9i | =personal_9.2.0.2 | |
| Oracle Oracle9i | =personal_9.2.0.3 | |
| Oracle Oracle9i | =personal_9.2.0.4 | |
| Oracle Oracle9i | =personal_9.2.0.5 | |
| Oracle Oracle9i | =standard_8.1.7 | |
| Oracle Oracle9i | =standard_9.0 | |
| Oracle Oracle9i | =standard_9.0.1 | |
| Oracle Oracle9i | =standard_9.0.1.2 | |
| Oracle Oracle9i | =standard_9.0.1.3 | |
| Oracle Oracle9i | =standard_9.0.1.4 | |
| Oracle Oracle9i | =standard_9.0.1.5 | |
| Oracle Oracle9i | =standard_9.0.2 | |
| Oracle Oracle9i | =standard_9.2 | |
| Oracle Oracle9i | =standard_9.2.0.1 | |
| Oracle Oracle9i | =standard_9.2.0.2 | |
| Oracle Oracle9i | =standard_9.2.0.3 | |
| Oracle Oracle9i | =standard_9.2.0.4 | |
| Oracle Oracle9i | =standard_9.2.0.5 | |
| Oracle Collaboration Suite | ||
| Oracle Database Server | =8.1.7.4 | |
| Oracle Database Server | =9.0.1.4 | |
| Oracle Database Server | =9.0.1.5 | |
| Oracle Database Server | =9.0.4 | |
| Oracle Database Server | =9.2.0.4 | |
| Oracle Database Server | =9.2.0.5 | |
| Oracle Database Server | =10.1.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://marc.info/?l=bugtraq&m=110382345829397&w=2
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1
- http://www.kb.cert.org/vuls/id/316206
- http://www.ngssoftware.com/advisories/oracle23122004.txt
- http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
- http://www.securityfocus.com/bid/10871
- http://www.us-cert.gov/cas/techalerts/TA04-245A.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18659
- collector/nvd-index
- collector/nvd-historical
- agent/references
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/softwarecombine
- agent/event
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/oracle
- canonical/oracle application server
- version/oracle application server/9.0.2
- version/oracle application server/9.0.2.0.0
- version/oracle application server/9.0.2.0.1
- version/oracle application server/9.0.2.1
- version/oracle application server/9.0.2.2
- version/oracle application server/9.0.2.3
- version/oracle application server/9.0.3
- version/oracle application server/9.0.3.1
- version/oracle application server/9.0.4
- version/oracle application server/9.0.4.0
- version/oracle application server/9.0.4.1
- canonical/oracle collaboration suite
- version/oracle collaboration suite/release_1
- canonical/oracle e-business suite
- version/oracle e-business suite/11.5.1
- version/oracle e-business suite/11.5.2
- version/oracle e-business suite/11.5.3
- version/oracle e-business suite/11.5.4
- version/oracle e-business suite/11.5.5
- version/oracle e-business suite/11.5.6
- version/oracle e-business suite/11.5.7
- version/oracle e-business suite/11.5.8
- version/oracle e-business suite/11.5.9
- canonical/oracle enterprise manager
- version/oracle enterprise manager/9
- version/oracle enterprise manager/9.0.1
- canonical/oracle enterprise manager database control
- version/oracle enterprise manager database control/10.1.2
- canonical/oracle enterprise manager grid control
- version/oracle enterprise manager grid control/10.1.0.2
- canonical/oracle oracle10g
- version/oracle oracle10g/enterprise_9.0.4_.0
- version/oracle oracle10g/enterprise_10.1.0.2
- version/oracle oracle10g/personal_9.0.4_.0
- version/oracle oracle10g/personal_10.1_.0.2
- version/oracle oracle10g/standard_9.0.4_.0
- version/oracle oracle10g/standard_10.1_.0.2
- canonical/oracle oracle8i
- version/oracle oracle8i/enterprise_8.0.5_.0.0
- version/oracle oracle8i/enterprise_8.0.6_.0.0
- version/oracle oracle8i/enterprise_8.0.6_.0.1
- version/oracle oracle8i/enterprise_8.1.5_.0.0
- version/oracle oracle8i/enterprise_8.1.5_.0.2
- version/oracle oracle8i/enterprise_8.1.5_.1.0
- version/oracle oracle8i/enterprise_8.1.6_.0.0
- version/oracle oracle8i/enterprise_8.1.6_.1.0
- version/oracle oracle8i/enterprise_8.1.7_.0.0
- version/oracle oracle8i/enterprise_8.1.7_.1.0
- version/oracle oracle8i/enterprise_8.1.7_.4
- version/oracle oracle8i/standard_8.0.6
- version/oracle oracle8i/standard_8.0.6_.3
- version/oracle oracle8i/standard_8.1.5
- version/oracle oracle8i/standard_8.1.6
- version/oracle oracle8i/standard_8.1.7
- version/oracle oracle8i/standard_8.1.7_.0.0
- version/oracle oracle8i/standard_8.1.7_.1
- version/oracle oracle8i/standard_8.1.7_.4
- canonical/oracle oracle9i
- version/oracle oracle9i/client_9.2.0.1
- version/oracle oracle9i/client_9.2.0.2
- version/oracle oracle9i/enterprise_8.1.7
- version/oracle oracle9i/enterprise_9.0.1
- version/oracle oracle9i/enterprise_9.0.1.4
- version/oracle oracle9i/enterprise_9.0.1.5
- version/oracle oracle9i/enterprise_9.2.0
- version/oracle oracle9i/enterprise_9.2.0.1
- version/oracle oracle9i/enterprise_9.2.0.2
- version/oracle oracle9i/enterprise_9.2.0.3
- version/oracle oracle9i/enterprise_9.2.0.4
- version/oracle oracle9i/enterprise_9.2.0.5
- version/oracle oracle9i/personal_8.1.7
- version/oracle oracle9i/personal_9.0.1
- version/oracle oracle9i/personal_9.0.1.4
- version/oracle oracle9i/personal_9.0.1.5
- version/oracle oracle9i/personal_9.2
- version/oracle oracle9i/personal_9.2.0.1
- version/oracle oracle9i/personal_9.2.0.2
- version/oracle oracle9i/personal_9.2.0.3
- version/oracle oracle9i/personal_9.2.0.4
- version/oracle oracle9i/personal_9.2.0.5
- version/oracle oracle9i/standard_8.1.7
- version/oracle oracle9i/standard_9.0
- version/oracle oracle9i/standard_9.0.1
- version/oracle oracle9i/standard_9.0.1.2
- version/oracle oracle9i/standard_9.0.1.3
- version/oracle oracle9i/standard_9.0.1.4
- version/oracle oracle9i/standard_9.0.1.5
- version/oracle oracle9i/standard_9.0.2
- version/oracle oracle9i/standard_9.2
- version/oracle oracle9i/standard_9.2.0.1
- version/oracle oracle9i/standard_9.2.0.2
- version/oracle oracle9i/standard_9.2.0.3
- version/oracle oracle9i/standard_9.2.0.4
- version/oracle oracle9i/standard_9.2.0.5
- canonical/oracle database server
- version/oracle database server/8.1.7.4
- version/oracle database server/9.0.1.4
- version/oracle database server/9.0.1.5
- version/oracle database server/9.0.4
- version/oracle database server/9.2.0.4
- version/oracle database server/9.2.0.5
- version/oracle database server/10.1.0.2