News

Buffer Overflow Flaw in Oracle9i Component

Security researcher David Litchfield found a high risk problem in the form of a buffer overflow vulnerability occurring in a software component that ships with the Oracle 9i database on all platforms.

Oracle has a patch available at its Oracle Metalink site (metalink.oracle.com) under issue number 2581911.

The affected component is called Oracle iSQL*Plus. It is a Web-based application allowing users to query the database. Installed with the Oracle 9i database server, iSQL*Plus runs on Apache.

The buffer overrun occurs at the default log-in screen. By supplying an overly long user ID parameter, a user can overrun a buffer and potentially run arbitrary code in the context of the Web server. On Windows systems that security context is as a System user.

Compromising the Web server can give attackers a platform to launch attacks against the database server, according to a bulletin from Litchfield's company, Next Generation Security Software, Ltd.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Report: Cost, Sustainability Drive DaaS Adoption Beyond Remote Work

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.

  • Windows 365 Reserve, Microsoft's Cloud PC Rental Service, Hits Preview

    Microsoft has launched a limited public preview of its new "Windows 365 Reserve" service, which lets organizations rent cloud PC instances in the event their Windows devices are stolen, lost or damaged.

  • Hands-On AI Skills Now Outshine Certs in Salary Stakes

    For AI-related roles, employers are prioritizing verifiable, hands-on abilities over framed certificates -- and they're paying a premium for it.

  • Roadblocks in Enterprise AI: Data and Skills Shortfalls Could Cost Millions

    Businesses risk losing up to $87 million a year if they fail to catch up with AI innovation, according to the Couchbase FY 2026 CIO AI Survey released this month.