Description
Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability."
Affected products
- oracle / database_server9.0.1
- oracle / database_server8.0 – 8.0
- oracle / database_server8.1 – 8.1
References
- MAILING_LISThttp://marc.info/?l=bugtraq&m=100386756715645&w=2
- MISChttp://www.securityfocus.com/bid/3139
- MISChttp://www.ciac.org/ciac/bulletins/m-011.shtml
- MISChttp://online.securityfocus.com/archive/1/201295
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/6940
- VENDOR_ADVISORYhttp://otn.oracle.com/deploy/security/pdf/otrcrep.pdf
- MISChttp://online.securityfocus.com/archive/1/222612