CVE-2002-0857

critical

Description

Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file.

References

http://www.securityfocus.com/bid/5460

http://www.ngssoftware.com/advisories/ora-lsnrfmtstr.txt

http://www.kb.cert.org/vuls/id/301059

http://securitytracker.com/id?1005037

http://otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf

http://marc.info/?l=bugtraq&m=102933735716634&w=2

Details

Source: Mitre, NVD

Published: 2002-09-05

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.13789