NGSSoftware Insight Security Research Advisory Name: Oracle 10g TNS Listener DoS Systems Affected: Oracle 10g on all operating systems Severity: High risk on high availability systems else low Vendor URL: http://www.oracle.com/ Author: David Litchfield [ davidl at ngssoftware.com ] Relates to: http://www.nextgenss.com/advisories/oracle-01.txt Date of Public Advisory: 23rd December 2004 Advisory number: #NISR2122004F Advisory URL: http://www.ngssoftware.com/advisories/oracle23122004F.txt Description *********** The 10g Oracle TNS Listener is vulnerable to a denial of service vulnerability. Details ******* This occurs by sending the Listener a malformed service_register_NSGR request. Byte 182 of the request is used as an offset to a pointer; in a normal request this byte's value is 5 but by setting it to say 0xCC an attacker can get the Listener to access (read) an arbitrary value which causes the Listener to access violate/core dump. Fix Information *************** A patch (#68) was released for this problem by Oracle. See http://metalink.oracle.com/ for more details. NGSSQuirreL for Oracle (http://www.nextgenss.com/squirrelora.htm), can be used to assess whether your Oracle servers are vulnerable to this. About NGSSoftware ***************** NGSSoftware design, research and develop intelligent, advanced application security assessment scanners. Based in the United Kingdom, NGSSoftware have offices in the South of London and the East Coast of Scotland. NGSSoftware's sister company NGSConsulting, offers best of breed security consulting services, specialising in application, host and network security assessments. http://www.ngssoftware.com/ Telephone +44 208 401 0070 Fax +44 208 401 0076 enquiries@private
This archive was generated by hypermail 2.1.3 : Thu Dec 23 2004 - 17:00:12 PST