Vulnerability: Oracle bfilename function buffer overflow

The bfilename() function suffers from a remotely exploitable buffer overrunwhen an overly long DIRECTORY parameter is supplied. Before this issue canbe exploited an attacker must be able to log on to the database server witha valid user ID and password. However, as the bfilename() function can beexecuted by PUBLIC by default, any user of the system can gain control.

All platforms are affected.

For Oracle's patch, click here.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Oracle

Show Comments