CVE-2002-1767: Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line…

CVE-2002-1767 [HIGH] GHSA-9pcm-7prc-jqw3: Buffer overflow in tnslsnr of Oracle 8i Database Server 8 Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument.

CVE-2002-1767 Oracle 8i - TNS Listener Local Command Parameter Buffer Overflow Oracle 8i - TNS Listener Local Command Parameter Buffer Overflow --- /* source: https://www.securityfocus.com/bid/4413/info Oracle 8i is a powerful relational database product. It is available for Windows, Linux, and a wide range of Unix operating systems. A vulnerability has been reported with some versions of Oracle 8i for Linux. A local attacker able to execute the tnslsnr process may pass an oversized command line parameter and cause a buffer overflow, possibly leading to the execution of arbitrary code as the user 'oracle'. Versions of Oracle 8i available for other operating systems have not yet been confirmed as vulnerable. */ /* * Yet another exploit for the 'Unbreakable' Oracle database * The vulnerability was found by KF / Snosoft (http://www.snosoft.com) * Shellcode created