CVE-2004-1363: Buffer Overflow
First published: Wed Aug 04 2004(Updated: )
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Java System Application Server | ||
| Oracle Java System Application Server | =9.0.2 | |
| Oracle Java System Application Server | =9.0.2.0.0 | |
| Oracle Java System Application Server | =9.0.2.0.1 | |
| Oracle Java System Application Server | =9.0.2.1 | |
| Oracle Java System Application Server | =9.0.2.2 | |
| Oracle Java System Application Server | =9.0.2.3 | |
| Oracle Java System Application Server | =9.0.3 | |
| Oracle Java System Application Server | =9.0.3.1 | |
| Oracle Java System Application Server | =9.0.4 | |
| Oracle Java System Application Server | =9.0.4.0 | |
| Oracle Java System Application Server | =9.0.4.1 | |
| Oracle Collaboration Suite 10g release 1 | ||
| Oracle Database | =8.1.7.4 | |
| Oracle Database | =9.0.1.4 | |
| Oracle Database | =9.0.1.5 | |
| Oracle Database | =9.0.4 | |
| Oracle Database | =9.2.0.4 | |
| Oracle Database | =9.2.0.5 | |
| Oracle Database | =10.1.0.2 | |
| Oracle E-Business Suite | =11.5.1 | |
| Oracle E-Business Suite | =11.5.2 | |
| Oracle E-Business Suite | =11.5.3 | |
| Oracle E-Business Suite | =11.5.4 | |
| Oracle E-Business Suite | =11.5.5 | |
| Oracle E-Business Suite | =11.5.6 | |
| Oracle E-Business Suite | =11.5.7 | |
| Oracle E-Business Suite | =11.5.8 | |
| Oracle E-Business Suite | =11.5.9 | |
| Oracle Enterprise Manager for Oracle Database | =9 | |
| Oracle Enterprise Manager for Oracle Database | =9.0.1 | |
| Oracle Enterprise Manager for Oracle Database | =10.1.2 | |
| Oracle Enterprise Manager | =10.1.0.2 | |
| Oracle Database | =standard_9.0.4_.0 | |
| Oracle Database | =standard_8.1.7_.4 | |
| Oracle Database | =standard_9.0.2 | |
| Oracle Database | =standard_9.0.1.4 | |
| Oracle Collaboration Suite 10g release 1 | =release_1 | |
| Oracle Database | =enterprise_8.1.6_.0.0 | |
| Oracle Database | =personal_8.1.7 | |
| Oracle Database | =client_9.2.0.2 | |
| Oracle Database | =client_9.2.0.1 | |
| Oracle Database | =enterprise_9.2.0.5 | |
| Oracle Database | =personal_9.2.0.1 | |
| Oracle Database | =personal_9.2.0.2 | |
| Oracle Database | =personal_9.2.0.5 | |
| Oracle Database | =standard_8.0.6 | |
| Oracle Database | =enterprise_8.1.5_.1.0 | |
| Oracle Database | =personal_9.0.1.5 | |
| Oracle Database | =personal_10.1_.0.2 | |
| Oracle Database | =standard_8.1.6 | |
| Oracle Database | =standard_9.0.1 | |
| Oracle Database | =standard_9.2.0.3 | |
| Oracle Database | =enterprise_9.2.0.2 | |
| Oracle Database | =enterprise_9.2.0.4 | |
| Oracle Database | =enterprise_9.0.1.5 | |
| Oracle Database | =personal_9.2 | |
| Oracle Database | =standard_9.0 | |
| Oracle Database | =standard_9.2.0.1 | |
| Oracle Database | =personal_9.0.4_.0 | |
| Oracle Database | =standard_9.2 | |
| Oracle Database | =enterprise_9.0.1 | |
| Oracle Database | =standard_9.0.1.2 | |
| Oracle Database | =standard_9.2.0.4 | |
| Oracle Database | =enterprise_9.2.0 | |
| Oracle Database | =standard_9.2.0.5 | |
| Oracle Database | =standard_8.1.7_.1 | |
| Oracle Database | =enterprise_8.1.7_.1.0 | |
| Oracle Database | =enterprise_8.1.5_.0.2 | |
| Oracle Database | =enterprise_8.1.6_.1.0 | |
| Oracle Database | =standard_8.1.7 | |
| Oracle Database | =enterprise_8.1.7 | |
| Oracle Database | =standard_10.1_.0.2 | |
| Oracle Database | =personal_9.0.1 | |
| Oracle Database | =enterprise_8.1.7_.0.0 | |
| Oracle Database | =standard_8.0.6_.3 | |
| Oracle Database | =standard_9.0.1.3 | |
| Oracle Database | =personal_9.2.0.4 | |
| Oracle Database | =standard_8.1.7_.0.0 | |
| Oracle Database | =standard_9.2.0.2 | |
| Oracle Database | =enterprise_8.1.7_.4 | |
| Oracle Database | =enterprise_10.1.0.2 | |
| Oracle Database | =enterprise_9.2.0.3 | |
| Oracle Database | =personal_9.0.1.4 | |
| Oracle Database | =enterprise_9.0.4_.0 | |
| Oracle Database | =personal_9.2.0.3 | |
| Oracle Database | =enterprise_8.0.6_.0.0 | |
| Oracle Database | =enterprise_8.1.5_.0.0 | |
| Oracle Database | =enterprise_9.2.0.1 | |
| Oracle Database | =standard_8.1.7 | |
| Oracle Database | =standard_9.0.1.5 | |
| Oracle Database | =enterprise_8.0.6_.0.1 | |
| Oracle Database | =enterprise_8.0.5_.0.0 | |
| Oracle Database | =standard_8.1.5 | |
| Oracle Database | =enterprise_9.0.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://marc.info/?l=bugtraq&m=110382345829397&w=2
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1
- http://www.kb.cert.org/vuls/id/316206
- http://www.ngssoftware.com/advisories/oracle23122004.txt
- http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
- http://www.securityfocus.com/bid/10871
- http://www.us-cert.gov/cas/techalerts/TA04-245A.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18659
Frequently Asked Questions
What is the severity of CVE-2004-1363?
CVE-2004-1363 is classified as a critical vulnerability due to its potential to allow remote attackers to execute arbitrary code.
How do I fix CVE-2004-1363?
To mitigate CVE-2004-1363, it is recommended to apply the latest security patches provided by Oracle for affected software versions.
What systems are affected by CVE-2004-1363?
CVE-2004-1363 affects multiple Oracle products including Oracle Application Server, Oracle Database, and Oracle E-Business Suite.
What type of vulnerability is CVE-2004-1363?
CVE-2004-1363 is a buffer overflow vulnerability that can be exploited through environment variables.
Is there a workaround for CVE-2004-1363?
No official workaround is provided for CVE-2004-1363; applying the appropriate patches is the recommended action.
- agent/references
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/weakness
- agent/author
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- vendor/oracle
- canonical/oracle java system application server
- version/oracle java system application server/9.0.2
- version/oracle java system application server/9.0.2.0.0
- version/oracle java system application server/9.0.2.0.1
- version/oracle java system application server/9.0.2.1
- version/oracle java system application server/9.0.2.2
- version/oracle java system application server/9.0.2.3
- version/oracle java system application server/9.0.3
- version/oracle java system application server/9.0.3.1
- version/oracle java system application server/9.0.4
- version/oracle java system application server/9.0.4.0
- version/oracle java system application server/9.0.4.1
- canonical/oracle collaboration suite 10g release 1
- canonical/oracle database
- version/oracle database/8.1.7.4
- version/oracle database/9.0.1.4
- version/oracle database/9.0.1.5
- version/oracle database/9.0.4
- version/oracle database/9.2.0.4
- version/oracle database/9.2.0.5
- version/oracle database/10.1.0.2
- canonical/oracle e-business suite
- version/oracle e-business suite/11.5.1
- version/oracle e-business suite/11.5.2
- version/oracle e-business suite/11.5.3
- version/oracle e-business suite/11.5.4
- version/oracle e-business suite/11.5.5
- version/oracle e-business suite/11.5.6
- version/oracle e-business suite/11.5.7
- version/oracle e-business suite/11.5.8
- version/oracle e-business suite/11.5.9
- canonical/oracle enterprise manager for oracle database
- version/oracle enterprise manager for oracle database/9
- version/oracle enterprise manager for oracle database/9.0.1
- version/oracle enterprise manager for oracle database/10.1.2
- canonical/oracle enterprise manager
- version/oracle enterprise manager/10.1.0.2
- version/oracle database/standard_9.0.4_.0
- version/oracle database/standard_8.1.7_.4
- version/oracle database/standard_9.0.2
- version/oracle database/standard_9.0.1.4
- version/oracle collaboration suite 10g release 1/release_1
- version/oracle database/enterprise_8.1.6_.0.0
- version/oracle database/personal_8.1.7
- version/oracle database/client_9.2.0.2
- version/oracle database/client_9.2.0.1
- version/oracle database/enterprise_9.2.0.5
- version/oracle database/personal_9.2.0.1
- version/oracle database/personal_9.2.0.2
- version/oracle database/personal_9.2.0.5
- version/oracle database/standard_8.0.6
- version/oracle database/enterprise_8.1.5_.1.0
- version/oracle database/personal_9.0.1.5
- version/oracle database/personal_10.1_.0.2
- version/oracle database/standard_8.1.6
- version/oracle database/standard_9.0.1
- version/oracle database/standard_9.2.0.3
- version/oracle database/enterprise_9.2.0.2
- version/oracle database/enterprise_9.2.0.4
- version/oracle database/enterprise_9.0.1.5
- version/oracle database/personal_9.2
- version/oracle database/standard_9.0
- version/oracle database/standard_9.2.0.1
- version/oracle database/personal_9.0.4_.0
- version/oracle database/standard_9.2
- version/oracle database/enterprise_9.0.1
- version/oracle database/standard_9.0.1.2
- version/oracle database/standard_9.2.0.4
- version/oracle database/enterprise_9.2.0
- version/oracle database/standard_9.2.0.5
- version/oracle database/standard_8.1.7_.1
- version/oracle database/enterprise_8.1.7_.1.0
- version/oracle database/enterprise_8.1.5_.0.2
- version/oracle database/enterprise_8.1.6_.1.0
- version/oracle database/standard_8.1.7
- version/oracle database/enterprise_8.1.7
- version/oracle database/standard_10.1_.0.2
- version/oracle database/personal_9.0.1
- version/oracle database/enterprise_8.1.7_.0.0
- version/oracle database/standard_8.0.6_.3
- version/oracle database/standard_9.0.1.3
- version/oracle database/personal_9.2.0.4
- version/oracle database/standard_8.1.7_.0.0
- version/oracle database/standard_9.2.0.2
- version/oracle database/enterprise_8.1.7_.4
- version/oracle database/enterprise_10.1.0.2
- version/oracle database/enterprise_9.2.0.3
- version/oracle database/personal_9.0.1.4
- version/oracle database/enterprise_9.0.4_.0
- version/oracle database/personal_9.2.0.3
- version/oracle database/enterprise_8.0.6_.0.0
- version/oracle database/enterprise_8.1.5_.0.0
- version/oracle database/enterprise_9.2.0.1
- version/oracle database/standard_9.0.1.5
- version/oracle database/enterprise_8.0.6_.0.1
- version/oracle database/enterprise_8.0.5_.0.0
- version/oracle database/standard_8.1.5
- version/oracle database/enterprise_9.0.1.4