阿里云漏洞库

Oracle 9i数据库版本2，版本1、8i，8.1.7和8.0.6中的多个缓冲区溢出使远程攻击者可以通过（1）TO_TIMESTAMP_TZ函数的长转换字符串参数，（2）长时间TZ_OFFSET函数的区域参数，或（3）BFILENAME函数的长DIRECTORY参数来执行任意代码。

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html
http://marc.info/?l=bugtraq&m=104549743326864&w=2
http://marc.info/?l=bugtraq&m=104549782327321&w=2
http://marc.info/?l=bugtraq&m=104550346303295&w=2
http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf
http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf
http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf
http://www.cert.org/advisories/CA-2003-05.html
http://www.ciac.org/ciac/bulletins/n-046.shtml
http://www.iss.net/security_center/static/11325.php
http://www.iss.net/security_center/static/11326.php
http://www.iss.net/security_center/static/11327.php
http://www.kb.cert.org/vuls/id/663786
http://www.kb.cert.org/vuls/id/743954
http://www.kb.cert.org/vuls/id/840666
http://www.nextgenss.com/advisories/ora-bfilebo.txt
http://www.nextgenss.com/advisories/ora-tmstmpbo.txt
http://www.nextgenss.com/advisories/ora-tzofstbo.txt
http://www.securityfocus.com/bid/6847
http://www.securityfocus.com/bid/6848
http://www.securityfocus.com/bid/6850

CWE-ID	漏洞类型
CWE-119	内存缓冲区边界内操作的限制不恰当