Oracle Database Server TNS Listener Can Be Crashed By Remote Users With a One Byte TCP Packet - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Database) > Oracle Database

Vendors: Oracle

Oracle Database Server TNS Listener Can Be Crashed By Remote Users With a One Byte TCP Packet

SecurityTracker Alert ID: 1003919

SecurityTracker URL: http://securitytracker.com/id/1003919

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Mar 29 2002

Impact: Denial of service via network

Exploit Included: Yes

Version(s): 9.0.1.1

Description: A denial of service vulnerability was reported in the Oracle database server. A remote user can cause the Transparent Network Substrate (TNS) listener to crash and no longer accept connections.

It is reported that a remote user can send a single TCP packet (#$00 = 1 byte) to the TNS listener on port 1521 to cause CPU utilization to reach 100%. No further connections will be accepted, according to the report.

It is reported that the TNSLISTEN process must be restarted in order for the server to return to normal operations.

The author of the report has provided a Win32 binary (Shadow DoS Analyzer) to test the vulnerability, available at:

http://www.safety-lab.com/SDA.exe

The vendor has reportedly been notified.

Impact: A remote user can cause the TNS listener to crash and stop accepting connections.

Solution: No solution was available at the time of this entry.

Vendor URL: www.oracle.com/ (Links to External Site)

Cause: Exception handling error

Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000)

Message History: None.

Source Message Contents

Date: 28 Mar 2002 10:54:07 -0000
Subject: Oracle9i TSN DoS Attack




name            : Oracle
date            : 28/3/2002
description     : Oracle9i TSN DoS Attack 
severity        : High risk
homepage        : www.oracle.com
versions        : 9.0.1.1 (another version may be too)
Bug description :
For crash Oracle9i you need sent ONE TCP packet 
(#$00 = 1 byte) to 1521 port and you can fogot about 
Oracle (CPU - 100%).You cant connect. For connect 
to server you need restart TSNLISTEN.For use 
expolit You DONT NEED Oracle client or any Oracle 
dlls. 
Solution: We sent message to oracle but we didnt 
have answer
P.S. you can download win32 expolit from 
www.safety-lab.com (ShadowDoSAnalyzer)

Safety-Lab www.safety-lab.com
RedShadow and Melcosoft

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC