Signature Detail

DB: Oracle TNS Listener Denial of Service

This signature detects attempts to exploit a known vulnerability against Oracle TNS Listener program, a remote connection service for Oracle Databases. Attackers can connect to the TNS Listener server and issue the SERVICE_CURLOAD command to cause the system to become unstable and unresponsive before crashing.

Extended Description

The Oracle TNS Listener program is a remote connectivity service for Oracle Databases. Under some circumstances, it may be possible for a remote user to crash TNS Listener service. By connecting to the service, and issuing the SERVICE_CURLOAD command, the service becomes unstable. It has been reported that this will cause the listenering to stop responding to connections, and also crash after the command is issued.

Affected Products

• Oracle Oracle8i Enterprise Edition 8.1.5 .0.0
• Oracle Oracle8i Enterprise Edition 8.1.5 .0.2
• Oracle Oracle8i Enterprise Edition 8.1.5 .1.0
• Oracle Oracle8i Enterprise Edition 8.1.6 .0.0
• Oracle Oracle8i Enterprise Edition 8.1.6 .1.0
• Oracle Oracle8i Enterprise Edition 8.1.7 .0.0
• Oracle Oracle8i Enterprise Edition 8.1.7 .1.0
• Oracle Oracle8i Standard Edition 8.1.5
• Oracle Oracle8i Standard Edition 8.1.6
• Oracle Oracle8i Standard Edition 8.1.7
• Oracle Oracle8i Standard Edition 8.1.7 .1
• Oracle Oracle8i Standard Edition 8.1.7 .4
• Oracle Oracle9i Standard Edition 9.0.0
• Oracle Oracle9i Standard Edition 9.0.1
• Oracle Oracle9i Standard Edition 9.0.1 .2
• Oracle Oracle9i Standard Edition 9.0.1 .3
• Oracle Oracle9i Standard Edition 9.0.1 .4
• Oracle Oracle9i Standard Edition 9.0.2
• Oracle Oracle9i Standard Edition 9.2.0 .0.1
• Oracle Oracle9i Standard Edition 9.2.0 .0.2
• Oracle Oracle9i Standard Edition 9.2.0 .1
• Oracle Oracle9i Standard Edition 9.2.0 .2

References

• BugTraq: 5678
• CVE: CVE-2002-1118
• URL: http://online.securityfocus.com/advisories/4545
• URL: http://otn.oracle.com/deploy/security/pdf/2002alert42.pdf