| VID |
25015 |
| Severity |
40 |
| Port |
1521 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
The Oracle TNS Listener is susceptible to a denial of service attack when issued the SERVICE_CURLOAD command. The Oracle TNS Listener program is a remote connectivity service for Oracle Databases.
Connecting to the Oracle TNS listener (usually on port 1521) and issuing the command "(CONNECT_DATA=(COMMAND=SERVICE_CURLOAD))" causes the Oracle server to respond with a message indicating successful execution. However, once the caller closes the connection, the listener service stops responding. The effects of this DoS vary depending on how long the attacker keeps the original connection open. If the caller keeps the listener connection open while new connections are serviced, the listener service will be disabled and may crash with an access violation. If the caller closes the listener connection before other requests are serviced, the listener service will refuse to accept new connections.
Note: By default, the "Perform Denial of Service attack" option on the scanner setting menu is unmarked, and under the situation this check solely relied on the version of the remote TNS listener to assess this vulnerability, so this might be a false positive. Otherwise If you mark the option, this check will perform a denial of service test, which may cause the Listener to become unavailable. The Listener must be manually restarted in order to regain normal functionality.
Platforms Affected:
Oracle 9i Release 2 (9.2.x)
Oracle 9i Release 1 (9.0.x)
Oracle 8i (8.1.x)
* References:
http://online.securityfocus.com/bid/5678
http://www.rapid7.com/advisories/R7-0006.txt |
| Recommendation |
Download and apply the vendor-supplied patches. Please see Oracle Security Alert #42 for more information: http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
