Juniper Networks

Signature Detail


Short Name

DB:ORACLE:TNS:TRACE-OF

Severity

High

Recommended

No

Recommended Action

Drop

Category

DB

Keywords

Oracle TNS Trace Buffer Overflow

Release Date

2005/10/25

Update Number

1213

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

DB: Oracle TNS Trace Buffer Overflow


This signature detects attempts to exploit a known vulnerability in the Oracle database TNS Listener. A successful attack can lead to remote arbitrary code execution. Exploits and patches are available.

Extended Description

Oracle 8i ships with a component called TNS Listener, which arbitrates communication between remote database clients/applications and the database server. TNS Listener contains a remotely exploitable buffer overflow that allows remote attackers to execute arbitrary code on affected hosts. Exploitation does not require authentication.

On Windows 2000/NT4 systems, TNS Listener runs with 'LocalSystem' privileges. These are equivalent to administrative privileges, so any attacker who exploits this vulnerability on such a system gains control over it. On Unix systems, Oracle processes such as the listener typically run as their own userid. Exploitation on these systems gives the attacker local access to the victim host, and it is significantly easier to compromise the entire system with local access.

Note: Versions 8.1.5, 8.1.6, and 8.1.7 are confirmed as being vulnerable. Previous versions are likely vulnerable as well.

Affected Products

  • Oracle Oracle8i Standard Edition 8.1.5
  • Oracle Oracle8i Standard Edition 8.1.6
  • Oracle Oracle8i Standard Edition 8.1.7

References

  • BugTraq: 2941
  • CVE: CVE-2001-0499
  • URL: http://otn.oracle.com/deploy/security/pdf/listener_alert.pdf

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.