GEN:SID 1:2650
Message ORACLE user name buffer overflow attempt
Summary This event is generated when an attempt is made to exploit a known
vulnerability in a Oracle database implementation.
Impact Serious. Execution of arbitrary code may be possible. A Denial of
Service (DoS) condition may also be caused.
Detailed Information An attacker can attempt to connect to a database using an overly
long user name value. This can cause a buffer overflow, allowing
an attacker to execute arbitrary code.

If you are running Oracle on a Windows server, make sure that the
variable $ORACLE_PORTS is set to a value of "any".
Affected Systems Oracle8, Oracle8i, and Oracle9i
Attack Scenarios An attacker can attempt to connect to a database supplying the
user an overly long value.  The result could permit the
attacker to gain escalated privileges and run code of their
choosing.
Ease of Attack Simple.
Corrective Action Ensure the system is using an up to date version of the software and has
had all vendor supplied patches applied.
Additional References Other:
http://www.appsecinc.com/Policy/PolicyCheck62.html
Rule References url: www.appsecinc.com/Policy/PolicyCheck62.html