Network Security News – Saturday, January 07, 2006 Events
Oracle9i XDB HTTP Long Username/Password Overflow
A remote overflow exists in Oracle9i Database Server. The XML Database (XDB) HTTP service fails to perform proper bounds checking resulting in a stack-based buffer overflow. With a specially crafted request containing an overly long username or password, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/2449
Oracle9i XDB FTP Multiple Command Overflow
A remote overflow exists in Oracle9i Database Server. The XML Database (XDB) FTP service fails to perform proper bounds checking resulting in a stack-based buffer overflow. With a specially crafted request containing an overly long string to the 'TEST' or 'UNLOCK' command, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/22266
Oracle9i XDB FTP Long Username/Password Overflow
A remote overflow exists in Oracle9i Database Server. The XML Database (XDB) FTP service fails to perform proper bounds checking resulting in a stack-based buffer overflow. With a specially crafted request containing an overly long username or password, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/22265