CVE-2002-0857

Published: Sep 5, 2002Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file.

Affected (4)

Products: Oracle: Database Server, Oracle8i

2 products

Database Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Oracle Database Server	Version 7.3.4
Oracle Database Server	Version 9.0
Oracle Database Server	Version 9.2
Oracle Oracle8i	Version 8.1

References (12)

http://marc.info/?l=bugtraq&m=102933735716634&w=2

Source: cve@mitre.org

http://otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf

Source: cve@mitre.org

PatchVendor Advisory

http://securitytracker.com/id?1005037

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/301059

Source: cve@mitre.org

US Government Resource

http://www.ngssoftware.com/advisories/ora-lsnrfmtstr.txt

Source: cve@mitre.org

http://www.securityfocus.com/bid/5460

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=102933735716634&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://securitytracker.com/id?1005037

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/301059

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.ngssoftware.com/advisories/ora-lsnrfmtstr.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/5460

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.