SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Your Ad Here
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Database)  >  Oracle Database Vendors:  Oracle
Oracle 9i Database Input Validation Bugs in the Oracle Net Listener Lets Remote Authenticated Users Crash the Listener, Denying Service to Database Users
SecurityTracker Alert ID:  1005037
SecurityTracker URL:  http://securitytracker.com/id?1005037
CVE Reference:  CVE-2002-0857   (Links to External Site)
Updated:  Jun 3 2008
Original Entry Date:  Aug 13 2002
Impact:  Denial of service via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): 8.1, 8.2, 9.0
Description:  Oracle reported two vulnerabilities affecting the Oracle Net Listener for the Oracle 9i database server. A remote authenticated user may be able to cause the database Listener component to crash in certain situations, denying database access to other users.

It is reported that an authenticated remote user can modify the Oracle Net Listener s configuration file (listener.ora) to include a specially crafted format string. The next time the Listener control utility (LSNRCTL) is used to start up the Listener, the Listener may crash.

An Oracle database administrator (DBA) can reportedly supply specially crafted input containing format strings to the Oracle Net Listener control utility (LSNRCTL) so that the Listener will crash when started.
Impact:  A remote authenticate user may be able to cause denial of service conditions on the database.
Solution:  Oracle has issued a patch (under the base bug number 2395416). Patches are available from Oracle Worldwide Support Services web site, Metalink (http://metalink.oracle.com). Activate the Patches button to get to the patches Web page. Enter bug Number 2395416 as indicated above and activate the Submit button.

In addition to available patches, Oracle strongly urges customers to take the following steps to address the vulnerabilities identified above.

1. Configure listener password to prevent unauthorized users from administering the listener.

Alternatively, set ADMIN_RESTRICTIONS_listener_name=ON in listener.ora to completely disable the runtime modification of listener s configuration parameters.

2. Set appropriate Operating System directory and file permissions on the Listener configuration file, listener.ora.

For example:

Unix: $ chmod 600 $ORACLE_HOME/network/admin/listener.ora
Windows: File properties > Security > Permissions

3. Do not attempt to start an Oracle Net Listener with an invalid name.
Vendor URL:  otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf (Links to External Site)
Cause:  Input validation error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000)

Message History:   None.

 Source Message Contents
Date:  Tue, 13 Aug 2002 13:15:19 -0400
Subject:  Oracle Security Alert #40

 

http://otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf

Oracle Security Alert #40
Dated: 08 August 2002
Severity: 3

Oracle Net Listener Vulnerabilities

Description
Two potential vulnerabilities have been discovered in Oracle Net
Listener for Oracle9i Release 2 (9.2) Database server.

First, a knowledgeable and malicious user can remotely modify Oracle Net
Listener’s configuration file (listener.ora) to contain a format string.
Doing so may crash the Listener control utility (LSNRCTL) the next time
it is used to start up the Listener.

Second, an Oracle DBA can supply input containing format strings to
Oracle Net Listener control utility (LSNRCTL) that will crash the
Listener upon startup.

Products Affected
Oracle9i Release 2 (9.2 - all releases)
Orace9i Release 1 (9.0 - all releases)
Oracle8i (8.1 - all releases)

Platforms Affected
All

Workaround
In addition to available patches, Oracle strongly urges customers to
take the following steps to address the vulnerabilities identified
above.

1. Configure listener password to prevent unauthorized users from
administering the listener.

Alternatively, set ADMIN_RESTRICTIONS_listener_name=ON in listener.ora
to
completely disable the runtime modification of listener’s configuration
parameters.

2. Set appropriate Operating System directory and file permissions on
the Listener configuration file, listener.ora.

For example:

Unix: $ chmod 600 $ORACLE_HOME/network/admin/listener.ora
Windows: File properties > Security > Permissions …

3. Do not attempt to start an Oracle Net Listener with an invalid name.
Patch Information Oracle has fixed the potential vulnerabilities
identified above under the base bug number 2395416.

Download currently available patches from Oracle Worldwide Support
Services web site, Metalink (http://metalink.oracle.com). Activate the
‘Patches’ button to get to the patches Web page. Enter bug Number
2395416 as indicated above and activate the ‘Submit’ button.

Please review MetaLink or check with Oracle Worldwide Support Services
periodically for patch availability if the patch for your platform is
not available. Please check the matrix provided for details on patch
availability.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2007, SecurityGlobal.net LLC