SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Database)  >   Oracle Database Vendors:   Oracle
Oracle Net Services Has Unspecified Flaw That Lets Remote Users Deny Service
SecurityTracker Alert ID:  1005374
SecurityTracker URL:  http://securitytracker.com/id/1005374
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 8 2002
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9i Release 2 (9.2 - all releases); 9i Release 1 (9.0.x - all releases); 8i (8.1.x all releases)
Description:   A vulnerability was reported in Oracle Net Services for Oracle Database. A remote user can cause denial of service conditions.

It is reported that a remote user can cause denial of service conditions in the Oracle Net Listener. No details were provided.

Oracle credits Rapid7, Inc. for reporting this flaw.
Impact:   A remote user can deny service to the Oracle Net Listener.
Solution:   Oracle has released a fix under the base bug number 2540219. Also, future releases of the Oracle Database server will contain the fix by default. The fix is available at:

http://metalink.oracle.com
Vendor URL:  otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf (Links to External Site)
Cause:   Not specified
Underlying OS:   Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Details Are Provided) Re: Oracle Net Services Has Unspecified Flaw That Lets Remote Users Deny Service   ("Rapid 7 Security Advisories" <advisory@rapid7.com>)
Rapid7 has provided details of the flaw.


 Source Message Contents
Date:  Mon, 07 Oct 2002 16:10:04 -0400
Subject:  Oracle Security Alert #42 (Oracle Net Listener denial of service)


http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf

Oracle Security Alert #42
Dated: 04 October 2002
Severity: 1

Security vulnerability in Oracle Net Services

Oracle reported that there is a vulnerability in Oracle Net Services for Oracle Database
that may allow a remote user to cause denial of service conditions in the Oracle Net
Listener.

The following releases are reportedly affected:

Oracle9i Release 2 (9.2 - all releases)
Oracle9i Release 1 (9.0.x - all releases)
Oracle8i (8.1.x – all releases)

Although there are no workarounds, Oracle provides some steps to mitigate the risk until
you can apply the patch.  For the steps, see the Oracle advisory at the URL listed above.

Oracle has released a fix under the base bug number 2540219.  Also, future releases of the
Oracle Database server will contain the fix by default.  The fix is available at:

http://metalink.oracle.com

Oracle Corporation thanks Rapid7, Inc. for reporting this flaw.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC