Microsoft Windows NT Oracle 8i listener Thread Exhaustion DoS

2001-06-19T23:10:51
ID OSVDB:5600
Type osvdb
Reporter Jon Isaac
Modified 2001-06-19T23:10:51

Description

Vulnerability Description

Oracle 8i Enterprise Edition contains a flaw that may allow a remote denial of service. The issue is triggered by repeatedly connecting to the Oracle listener without then connecting to the redirected port; the listener can be forced into consuming all available memory, resulting in loss of availability for the server.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround:

Set the following parameters in the PROTOCOL.ORA configuration file to enable the valid node checking feature:

tcp.validnode_checking = YES
tcp.invited_nodes = {list of IP addresses}
tcp.excluded_nodes = {list of IP addresses}
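
A check that the workaround above is actually in effect, as an added example that is not part of the original advisory: it parses a protocol.ora file and reports missing, unfilled or conflicting valid node checking settings. The parenthesized single-line list syntax, the function names and the sample addresses are assumptions.

```python
import re

# Constructed sample protocol.ora (not from the advisory; placeholder addresses).
SAMPLE = """\
# protocol.ora
tcp.validnode_checking = YES
tcp.invited_nodes = (192.0.2.10, 192.0.2.11)
tcp.excluded_nodes = (192.0.2.11, 198.51.100.7)
"""

PARAM = re.compile(r"^\s*([A-Za-z_.]+)\s*=\s*(.*?)\s*$")


def parse_protocol_ora(text):
    """Return {lowercased parameter: value}, ignoring blanks and # comments."""
    params = {}
    for line in text.splitlines():
        m = PARAM.match(line.split("#", 1)[0])
        if m:
            params[m.group(1).lower()] = m.group(2)
    return params


def node_list(value):
    """Split '(a, b, c)' (parentheses optional) into a list of node names."""
    return [n.strip() for n in value.strip("() ").split(",") if n.strip()]


def audit(text):
    """Return a list of findings; an empty list means the workaround is set."""
    p = parse_protocol_ora(text)
    findings = []
    if p.get("tcp.validnode_checking", "").upper() != "YES":
        findings.append("tcp.validnode_checking is not YES")
    for key in ("tcp.invited_nodes", "tcp.excluded_nodes"):
        if "{" in p.get(key, ""):  # template text copied without being filled in
            findings.append(f"{key} still holds a template placeholder")
    invited = node_list(p.get("tcp.invited_nodes", ""))
    excluded = node_list(p.get("tcp.excluded_nodes", ""))
    if not invited and not excluded:
        findings.append("no invited or excluded nodes listed")
    for node in sorted(set(invited) & set(excluded)):
        findings.append(f"{node} is both invited and excluded")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["valid node checking configured"]:
        print(finding)
```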

References:

Vendor URL: http://www.oracle.com/
Other Advisory URL: http://xforce.iss.net/xforce/alerts/id/advise81
ISS X-Force ID: 6717
CVE-2001-0513
CERT VU: 105259
Bugtraq ID: 6733