CVE-2004-1363

Sažetak

Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

Reference

http://marc.info/?l=bugtraq&m=110382345829397&w=2
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1
http://www.kb.cert.org/vuls/id/316206
http://www.ngssoftware.com/advisories/oracle23122004.txt
http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
http://www.securityfocus.com/bid/10871
http://www.us-cert.gov/cas/techalerts/TA04-245A.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18659

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

02-02-2024 - 14:01

Objavljeno

04-08-2004 - 04:00