oracle-8-NERP-DoS.txt

17 Aug 1999 | Reported by Packet Storm | Type: packetstorm | Source: packetstormsecurity.com

Oracle 8 has a Denial of Service vulnerability affecting multiple platforms, causing high CPU usage.

Code
`Date: Thu, 7 Jan 1999 17:31:13 -0800  
From: Jason Ackley <[email protected]>  
To: [email protected]  
Subject: Re: Fw:"NERP" DoS attack possible in Oracle  
  
On Wed, 6 Jan 1999, Paul Schenk wrote:  
  
> In fact, on HP-UX 10.20, Oracle 7.3.3, in listener.log you get:  
>  
> 06-JAN-99 16:15:45 * 12569  
> TNS-12569: TNS:packet checksum failure  
>  
> And tnslistner continues happily along at ~0 CPU usage, it even accepts and  
> processes new connections fine.  
>  
> So it's either an Oracle 8/NT thing or a misconfiguration  
>  
  
I sent this to Aleph1, but I guess he was busy, in regards to OS  
combinations:  
  
---  
  
>From: [email protected]  
  
I tested this on Sequent Dynix and sure enough it runs the process out of  
control. If it happens on this platform I suspect this can happen on any  
platform.  
  
---  
  
>From: [email protected]  
  
confirmed on Oracle 8.0.3 on Solaris 2.6 port 1521  
confirmed on Oracle 8.0.5 on Solaris 2.6 port 1526  
  
---  
  
>From: giblin <[email protected]>  
  
Hello,  
I gave it a try on a Solaris 2.6 ( heavily patched ) and Oracle 8.0.4  
Database CPU utilization climbed and hovered at a high 49.9x% and didn't  
fall below 49.7x%. This is on a UE450 with 2 processors and 1.5GB RAM.  
Oracle required a restart to get it back into previous working  
condition. Hmmm... Nice :)  
---  
  
  
>From: Adam vonNieda <[email protected]>  
  
I've tried the bug on my Linux box, (8.0.5), and it pegged instantly.  
I then tried it on one of my IBM SP (8 way) nodes running AIX 4.3 and  
Oracle 8.0.4.2.1, and essentially lost the processor that the listener  
is attached to instantly. So, it won't totally dog an SMP machine, but I  
wouldn't expect much response from the listener! Thanks for the info.  
  
---  
  
>From: gabriel magee <[email protected]>  
  
I just tried it on NT SP3 (+hotfixes) Oracle 8.0.5.0.0 Production on a  
PII/350 with the same results. 100% CPU until you kill the listener.  
Could maybe choose a different protocol adapter in the meantime, too...  
  
---  
  
  
Many thanks to everyone that sent in reports! We still seem to be missing  
information for SGI/IRIX, any takers?  
  
cheers,  
  
--  
Jason Ackley [email protected]  
  
`
