Short Name |
DB:ORACLE:TNS:SERVICE-NAME-OF |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
DB |
Keywords |
Oracle TNSListener SERVICE_NAME Parameter Buffer Overflow |
Release Date |
2011/12/01 |
Update Number |
2040 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in the Oracle database TNS Listener. A successful attack can lead to remote arbitrary code execution.
TNSListener is a component of the Oracle database, distributed by Oracle Corporation. A buffer overflow has been reported in the Oracle TNSListener. This buffer overflow may allow a user to remotely execute code on a vulnerable system. This is the result of an error in logging an oversized SERVICE_NAME received as part of a TNS packet. Reportedly, this issue only exists on versions of Oracle 9.0.x for Microsoft Windows and VM. This issue was formerly discussed in BID 4955.