Oracle Database on Solaris Net8 Listener Malformed Transport Data Remote DoS
Remote / Network Access
Denial of Service
Loss of Availability
Oracle SQL*Net (Net8) contains a flaw that may allow a remote denial of service. The issue is triggered when a packet is received with the maximum transport data size is set to 0, and will result in loss of availability for the service.
Upgrade to version 9i or higher, as it has been reported to fix this vulnerability. Oracle has released a patch to address this vulnerability in versions 8.1.6 and 8.1.7. They still recommend upgrading. This patch also fixes single packet root exploits in the Oracle service.
Reported to Bugtraq by Nishad Herath of COVERT Labs at PGP Security and posted in a Internet Security Systems Security Advisory.
Oracle Oracle8 8.1.7
Microsoft Windows 2000 Professional
Oracle Oracle8 8.1.6
Oracle Oracle8 8.1.5
HP HP-UX 11.11
HP HP-UX 11.0
RedHat Linux 6.2 i386
RedHat Linux 6.1 i386
A denial of service vulnerability exists in Oracle 8i. An attacker connecting to the host and sending a malformed SQLNet (Type-1) connection request, could cause the host to stop responding.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.
* It has been reported that the patch is still unavailable. Forthcoming updates will provide additional information when it becomes available. Until fixes are obtainable, administrators should block network access to the listener.
A fix is reportedly being developed.
It will be available at the Oracle MetaLink support website.