Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "eweek article: Oracle Users Take Aim at High Costs, Security Silence"] [Next entry: "Creating read only users"]

Oracle Database 9i SQL Command Buffer Overflow Vulnerability



Security focus newsletter #266 included news of the above bug. This is fixed in Oracle alert #68 but Security Focus has assigned a specific BID number, 11120 to this issue because specific technical information has been released. This is one of the un-disclosed vulnerabilities in BID 10871 assigned by Security Focus to Oracle alert #68. This looks like its the buffer overflow in the built in function SYS_CONTEXT. Alexander Kornbrust has been credited with this vulnerability.