| Field | Value |
| --- | --- |
| VID | 25025 |
| Severity | 30 |
| Port | 1521 |
| Protocol | TCP |
| Class | DB |
| Detailed Description | The Oracle9i Database Server Listener has a denial of service vulnerability via certain debug requests. The SQL*NET Listener process is a server-side program that accepts and manages connections from clients to the Oracle database. The Listener can also be managed remotely: remote users can send it commands such as STOP, RELOAD, and SET LOG_FILE. Because this capability is very dangerous, a password should be assigned to the Listener service. The Listener additionally accepts an undocumented command called "debug". When the following Listener command string is sent to the Listener service, the Listener crashes and further attempts to connect to the database fail: `(DESCRIPTION=(CONNECT_DATA=((PROGRAM=)(USER=))(COMMAND=debug)(ARGUMENTS=4)(SERVICE=REMOTE)(VERSION=13)(VALUE=0)))` |
| Note | This check relies solely on the version number reported by the remote Oracle Listener to assess this vulnerability, so the result may be a false positive. |
| References | http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf ; http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20941 |
| Platforms Affected | Oracle9i Database Server 9.0.x before 9.0.1.4; Oracle9i Database Server 9.2.x before 9.2.0.2; UNIX/Linux (any version); Windows NT/2000 (any version) |
| Recommendation | Apply the appropriate patch for your system, available to registered customers from the Oracle MetaLink web site, http://metalink.oracle.com. The patch can be found under bug number 2467947. For details, see http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf |
| Related URL | CVE-2002-0856 (CVE) |
| Related URL | 5457 (SecurityFocus) |
| Related URL | 9237 (ISS) |
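The record's check is purely version-based: a Listener is flagged when its reported version falls in one of the two affected ranges (9.0.x before 9.0.1.4, 9.2.x before 9.2.0.2). The example below, added here and not the scanner's own code, implements that same comparison over a constructed host inventory so a defender can triage which 9i Listeners still need the bug 2467947 patch. It assumes the version string is already in hand as a dotted numeric value (for instance from an asset inventory); the host names and versions in the sample inventory are constructed.

```python
"""Version-range triage for the Oracle9i Listener debug-request DoS record.

Added example, not part of the original record. The affected ranges are the
ones stated under "Platforms Affected"; the inventory lines are constructed.
"""
from typing import Dict, List, Tuple

# Affected branches as stated in the record: branch prefix -> first fixed release.
AFFECTED_BRANCHES: Dict[Tuple[int, int], Tuple[int, ...]] = {
    (9, 0): (9, 0, 1, 4),
    (9, 2): (9, 2, 0, 2),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version such as '9.0.1.3.0' into (9, 0, 1, 3, 0)."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def _pad(version: Tuple[int, ...], length: int) -> Tuple[int, ...]:
    """Right-pad with zeros so '9.0' compares like '9.0.0.0'."""
    return version + (0,) * (length - len(version))


def classify(version_text: str) -> str:
    """Return 'affected', 'patched' or 'other-branch' for one reported version.

    A version is affected only if its first two components name an affected
    branch and it sorts before that branch's first fixed release. Extra
    trailing components (e.g. 9.2.0.2.1) sort after the fixed release, which is
    the behaviour we want for a point release on top of the fix.
    """
    version = parse_version(version_text)
    fixed = AFFECTED_BRANCHES.get(version[:2])
    if fixed is None:
        return "other-branch"
    return "affected" if _pad(version, len(fixed)) < fixed else "patched"


def triage_inventory(inventory: str) -> List[Tuple[str, str, str]]:
    """Classify each 'host version' line of an inventory; skip blank/comment lines."""
    findings = []
    for line in inventory.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, version_text = line.split()
        findings.append((host, version_text, classify(version_text)))
    return findings


def affected_hosts(inventory: str) -> List[str]:
    """Hosts whose reported version is inside an affected range (version-based only,
    so treat the list as candidates for patch verification, not confirmed exposure)."""
    return [host for host, _, status in triage_inventory(inventory) if status == "affected"]


# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = """
# host           listener version
db-ora-01        9.0.1.3
db-ora-02        9.0.1.4
db-ora-03        9.2.0.1
db-ora-04        9.2.0.2.1
db-ora-legacy    8.1.7
"""

if __name__ == "__main__":
    for host, version_text, status in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host:14} {version_text:10} {status}")
    print("needs patch (by version):", affected_hosts(SAMPLE_INVENTORY))
```

Because the scanner's verdict, and this check, rest on the reported version alone, confirm patch status on the flagged hosts (for example via Oracle MetaLink's record for bug 2467947 and the host's installed patch inventory) before treating a result as exposure.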