Signature Detail
Short Name |
DB:ORACLE:TNS:SERVICE-NAME-OF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
DB |
Keywords |
Oracle TNSListener SERVICE_NAME Parameter Buffer Overflow |
Release Date |
2011/12/01 |
Update Number |
2040 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
DB: Oracle TNSListener SERVICE_NAME Parameter Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the Oracle database TNS Listener. A successful attack can lead to remote arbitrary code execution.
Extended Description
TNSListener is a component of the Oracle database, distributed by Oracle Corporation. A buffer overflow has been reported in the Oracle TNSListener. This buffer overflow may allow a user to remotely execute code on a vulnerable system. This is the result of an error in logging an oversized SERVICE_NAME received as part of a TNS packet. Reportedly, this issue only exists on versions of Oracle 9.0.x for Microsoft Windows and VM. This issue was formerly discussed in BID 4955.
Affected Products
- Oracle Oracle9i Standard Edition 9.0.0
- Oracle Oracle9i Standard Edition 9.0.1
- Oracle Oracle9i Standard Edition 9.0.2
References
- BugTraq: 4845
- CVE: CVE-2002-0965