Intrusion Prevention

Oracle.iSQLPLus.Service.Username.Stack.Overflow

Description

This indicates an attack attempt against a stack-based buffer-overflow vulnerability in Oracle Database Servers.
The vulnerability is caused by insufficient checking of user-supplied data. It may allow remote attackers to execute arbitrary code via an overlong token.

Affected Products

Oracle10g Database Server any version
Oracle9i Database any version

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Oracle has released an alert (#68) and a patch to address these issues.
http://metalink.oracle.com/

CVE References

CVE-2002-1264 CVE-2004-1371