SecurityTracker.com

Category:  Application (Database)  >  Oracle Database
Vendors:  Oracle
Oracle Database Server TNS Listener Can Be Crashed By Remote Users With a One Byte TCP Packet
Date:  Mar 29 2002
Impact:  Denial of service via network
Exploit Included:  Yes  
Version(s): 9.0.1.1
Description:  A denial of service vulnerability was reported in the Oracle database server. A remote user can cause the Transparent Network Substrate (TNS) listener to crash and no longer accept connections.

It is reported that a remote user can send a single TCP packet (#$00 = 1 byte) to the TNS listener on port 1521 to cause CPU utilization to reach 100%. No further connections will be accepted, according to the report.

It is reported that the TNSLISTEN process must be restarted in order for the server to return to normal operations.

The author of the report has provided a Win32 binary (Shadow DoS Analyzer) to test the vulnerability, available at:

http://www.safety-lab.com/SDA.exe

The vendor has reportedly been notified.

Impact:  A remote user can cause the TNS listener to crash and stop accepting connections.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.oracle.com/
Cause:  Exception handling error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000)
Reported By:  Andrey Gordienko <red@rsh.kiev.ua>
Message History:   None.
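
A defensive check for the condition described above, as an added example that is not part of the original advisory or the reporter's message: it flags sessions to the listener port whose first client payload cannot be a well-formed TNS CONNECT packet, which includes the one-byte case. The 8-byte TNS header layout, the type codes, the function names and the sample records are assumptions introduced here, not details from the advisory.

```python
import struct

TNS_PORT = 1521        # listener port named in the advisory
TNS_HEADER_LEN = 8     # assumed layout: length(2) cksum(2) type(1) flags(1) hdr_cksum(2)
TNS_CONNECT = 1        # assumed type code of the first packet a real client sends


def classify_first_payload(payload: bytes) -> str:
    """Classify the first client-to-listener payload of a TCP session."""
    if len(payload) == 0:
        return "empty"
    if len(payload) < TNS_HEADER_LEN:
        return "runt"                      # too short to hold a TNS header
    length, _cksum, ptype = struct.unpack(">HHB", payload[:5])
    if length < TNS_HEADER_LEN:
        return "bad-length"                # declared length smaller than the header
    if ptype != TNS_CONNECT:
        return "unexpected-type"           # session did not open with CONNECT
    return "ok"


def suspicious_sessions(records):
    """Return (source, verdict) for listener sessions that do not open sanely."""
    hits = []
    for src, dport, first_hex in records:
        if dport != TNS_PORT:
            continue
        verdict = classify_first_payload(bytes.fromhex(first_hex))
        if verdict != "ok":
            hits.append((src, verdict))
    return hits


# Constructed sample records: (source, destination port, first payload bytes as hex).
SAMPLE = [
    ("192.0.2.10", 1521, "003a0000010000000139012c"),  # CONNECT header + start of body
    ("192.0.2.66", 1521, "00"),                        # one-byte payload from the advisory
    ("192.0.2.67", 1521, "0004000001000000"),          # length field below header size
    ("192.0.2.68", 1521, "0008000006000000"),          # type 6 (assumed DATA) before CONNECT
    ("192.0.2.10", 80, "00"),                          # not listener traffic, ignored
]

if __name__ == "__main__":
    for src, verdict in suspicious_sessions(SAMPLE):
        print(f"{src}: {verdict}")
```

The same classification can sit behind a packet capture or a connection-logging proxy in front of the listener; only the record source changes.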


 Source Message Contents

Date:  28 Mar 2002 10:54:07 -0000
From:  Andrey Gordienko <red@rsh.kiev.ua>
Subject:  Oracle9i TSN DoS Attack

 



name            : Oracle
date            : 28/3/2002
description     : Oracle9i TSN DoS Attack 
severity        : High risk
homepage        : www.oracle.com
versions        : 9.0.1.1 (other versions may be too)
Bug description :
To crash Oracle9i you need to send ONE TCP packet 
(#$00 = 1 byte) to port 1521 and you can forget about 
Oracle (CPU - 100%). You can't connect. To connect 
to the server you need to restart TSNLISTEN. To use the 
exploit you DON'T NEED an Oracle client or any Oracle 
DLLs. 
Solution: We sent a message to Oracle but we didn't 
have an answer
P.S. You can download the Win32 exploit from 
www.safety-lab.com (ShadowDoSAnalyzer)

Safety-Lab www.safety-lab.com
RedShadow and Melcosoft


 



Copyright 2002, SecurityGlobal.net LLC