Reported January 18, 2005, by NGSSoftware

VERSIONS AFFECTED

         All releases of versions 10g and 9i

DESCRIPTION

Multiple vulnerabilities have been discovered in Oracle Database Server. The vulnerabilities include "PL/SQL" injection and an unchecked buffer, which could allow an overflow to occur. The vulnerabilities could allow users to gain adminstrator privileges on an affect server.


VENDOR RESPONSE

Oracle has issued patches to correct these problems which can be obtained at the company's MetaLink Web site.

CREDIT
Discovered by Next Generation Security Software