GEN:SID 1:2614
Message ORACLE time_zone buffer overflow attempt
Summary This event is generated when an attempt is made to exploit a known
vulnerability in a Oracle database implementation.
Impact Serious. Execution of arbitrary code may be possible. A Denial of
Service (DoS) condition may also be caused.
Detailed Information Oracle databases allow a user to set a time zone for the session.
The "alter session set time_zone" command contains a programming
error that may allow an attacker to execute a buffer overflow attack.

This overflow is triggered by a long string in the parameter for the
command.

If you are running Oracle on a Windows server, make sure that the
variable $ORACLE_PORTS is set to a value of "any".
Affected Systems Oracle 9i
Attack Scenarios An attacker can supply a long string as the value for this command.
The result could permit the attacker to gain escalated privileges and
run code of their choosing. This attack requires an attacker to logon
to the database with a valid username and password combination.
Ease of Attack Simple.
Corrective Action Ensure the system is using an up to date version of the software and has
had all vendor supplied patches applied.
Additional References Bugtraq
http://www.securityfocus.com/bid/9587

Other:
http://www.nextgenss.com/advisories/ora_time_zone.txt
Rule References bugtraq: 9587
url: www.nextgenss.com/advisories/ora_time_zone.txt