Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.
http://www.securityfocus.com/bid/6849
http://www.kb.cert.org/vuls/id/953746
http://www.iss.net/security_center/static/11328.php
http://www.ciac.org/ciac/bulletins/n-046.shtml
http://www.cert.org/advisories/CA-2003-05.html