Vulnerability: Oracle bfilename function buffer overflow

The bfilename() function suffers from a remotely exploitable buffer overrunwhen an overly long DIRECTORY parameter is supplied. Before this issue canbe exploited an attacker must be able to log on to the database server witha valid user ID and password. However, as the bfilename() function can beexecuted by PUBLIC by default, any user of the system can gain control.

All platforms are affected.

For Oracle's patch, click here.

Join the newsletter!

Error: Please check your email address.

More about Oracle

Show Comments