|Check Point Reference:
|| 12 Feb 2006
||8 May 2007
||Oracle Security Alert 58
|Protection Provided by:
|Who is Vulnerable?|| XML Database (XDB) functionality for Oracle 9i Database Release 2|
||Oracle 9i XML database suffers from a buffer overflow vulnerability. By passing an overly long username or password, an attacker can execute arbitrary code on the target system.
|Vulnerability Details||The Oracle XDB can be accessed via an HTTP based service on TCP port 8080 or an FTP based service on TCP port 2100. To access the database, an attacker must authenticate. By authenticating using an overly long username, an attacker can overflow the buffer and execute code on the system.|