Hi All,

An urgent help required regarding the Oracle vulnerability issue of Oracle
Database Server multiple functions buffer overflow .The details are as
follows :

Issue : Oracle9i Database Servers prior to Oracle 9i Database Release 2
version 9.2.0.3 are vulnerable to buffer overflows in the
NUMTOYMINTERVAL, NUMTODSINTERVAL, FROM_TZ functions and in the TIME_ZONE
environment variable, caused by improper bounds checking. A remote
authenticated attacker could supply a long parameter to overflow a buffer
and cause the server to crash or to execute arbitrary code on the system.

Remedy:
Apply the appropriate patch to your system, available from the Oracle
MetaLink Web site. See References.

I had visited Metalink and searched through many sites but couldn't get
any patchset for my databases using the following versions (9.0.1.1.1 &
9.2.0.1.0 ).
Would appreciate if anyone can please send me the patchset number to be
applied and link if possible for the same.

Thanks & Regards,
Gaurav


Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you

Oracle LazyDBA home page