GEN:SID 1:2649
Message ORACLE service_name buffer overflow attempt
Summary This event is generated when an attempt is made to exploit a known
vulnerability in a Oracle database implementation.
Impact Serious. Execution of arbitrary code may be possible. A Denial of
Service (DoS) condition may also be caused.
Detailed Information An attacker can attempt to connect to a database using an overly
long service_name value. This can cause a buffer overflow, allowing
an attacker to execute arbitrary code.

If you are running Oracle on a Windows server, make sure that the
variable $ORACLE_PORTS is set to a value of "any".
Affected Systems Oracle7, Oracle8, Oracle8i, and Oracle9i
Attack Scenarios An attacker can attempt to connect to a database supplying the
service_name an overly long value.  The result could permit the
attacker to gain escalated privileges and run code of their
choosing.
Ease of Attack Simple.
Additional References Other:
http://www.appsecinc.com/Policy/PolicyCheck52.html
Rule References url: www.appsecinc.com/Policy/PolicyCheck52.html