Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet [AS01]

2007-04-18T00:00:00
ID SECURITYVULNS:DOC:16749
Type securityvulns
Reporter Securityvulns
Modified 2007-04-18T00:00:00

Description


Name: Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet (6085705) [AS01]
Systems Affected: Oracle Discoverer Servlet
Severity: Low Risk
Category: Remote D.o.S.
Vendor URL: http://www.oracle.com/
Author: Alexander Kornbrust (ak at red-database-security.com)
CVE:
Advisory: 17 April 2007 (V 1.00)

Details

The Oracle Discoverer Servlet contains a field for the database/TNS alias. TNS STOP commands can be sent through this field, which makes it possible to shut down an unprotected Oracle TNS Listener.
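A defensive check for the condition described above, added here as an example; it is not part of the original advisory or of any Oracle tooling. It parses a listener.ora and lists the listeners that have no password configured. It assumes that "unprotected" means a listener without a PASSWORDS_<listener> entry; the sample file, host names and password value are constructed.

```python
import re

# Constructed listener.ora, not taken from the advisory. The PASSWORDS_ value
# is a made-up placeholder for the hashed password Oracle stores there.
SAMPLE = """\
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = db1.example.test)(PORT = 1521))))
ADMIN_RESTRICTIONS_LISTENER = ON   # blocks runtime SET commands only

LISTENER_HR =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = db1.example.test)(PORT = 1522)))
PASSWORDS_LISTENER_HR = (0123456789ABCDEF)
"""

def top_level_params(text):
    """Map each top-level parameter name to its value, tracking paren depth."""
    params, depth, name = {}, 0, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        # A new parameter can only start when all parentheses are closed.
        m = re.match(r"([A-Za-z0-9_.]+)\s*=\s*(.*)$", line) if depth == 0 else None
        if m:
            name, value = m.group(1).upper(), m.group(2)
            params[name] = value
        elif name:
            params[name] += " " + line        # continuation of the current value
            value = line
        else:
            continue
        depth += value.count("(") - value.count(")")
    return params

def audit(text):
    """Per listener: is a password set, and are admin restrictions on?"""
    p = top_level_params(text)
    return {
        n: {"password_set": bool(p.get("PASSWORDS_" + n, "").strip()),
            "admin_restrictions": p.get("ADMIN_RESTRICTIONS_" + n, "").upper() == "ON"}
        for n, v in p.items() if re.search(r"\(\s*ADDRESS\b", v, re.I)
    }

def unprotected(text):
    """Listeners with no password; ADMIN_RESTRICTIONS alone is not counted."""
    return sorted(n for n, r in audit(text).items() if not r["password_set"])

if __name__ == "__main__":
    for name in unprotected(SAMPLE):
        print(f"{name}: no listener password configured")
```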

Patch Information

Apply the patches for Oracle CPU April 2007.

History

28-oct-2003 Oracle secalert was informed
29-oct-2003 Bug confirmed
17-apr-2007 Oracle published CPU April 2007 [AS01]
17-apr-2007 Advisory published

© 2007 by Red-Database-Security GmbH - last update 17-apr-2007