Oracle's Listener Control Utility (lsnrctl) allows an Oracle DBA to remotely control the Listener. The Listener is responsible for dealing with client requests for database services. This control utility contains an indirect remotely exploitable format string vulnerability. This affects Oracle 9i, and 8i on all platforms.
For details and the patch, click here.