CVE-2002-1118
CVSS 5.0
Published: 2002-10-28 00:00:00
Revised: 2008-09-10 20:03:00

[Original] TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.


[CNNVD] Oracle TNS Listener Service_CurLoad Remote Denial of Service Vulnerability (CNNVD-200210-284)

        
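        The Oracle TNS listener is the remote connectivity service for Oracle databases.
        The Oracle TNS listener does not handle the SERVICE_CURLOAD command correctly, and a remote attacker can use this flaw to cause a denial of service.
        An attacker can connect to the Oracle TNS listener (usually on TCP port 1521) and send the command "(CONNECT_DATA=(COMMAND=SERVICE_CURLOAD))", which causes the Oracle server to return a message indicating successful execution. However, once the caller closes the connection, the listener service stops responding. The effect of the denial of service varies depending on how long the attacker keeps the original connection open. If the caller closes the connection while the listener is servicing new connections, the service for new connections can be shut down, resulting in an access violation. If the caller closes the listener connection before other requests are serviced, the listener service refuses all new connections.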
        

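- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]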

- CPE (affected platforms and products)

cpe:/a:oracle:oracle8i:8.1.5.1.0_enterprise
cpe:/a:oracle:oracle8i:8.1.7
cpe:/a:oracle:oracle8i:8.1.5
cpe:/a:oracle:oracle8i:8.1.6.0.0_enterprise
cpe:/a:oracle:oracle8i:8.1.7.1
cpe:/a:oracle:oracle9i:9.0.1.2
cpe:/a:oracle:oracle8i:8.1.5.0.2_enterprise
cpe:/a:oracle:oracle9i:release_2_9.2.1
cpe:/a:oracle:oracle8i:8.1.6.1.0_enterprise
cpe:/a:oracle:oracle8i:8.1.7.1.0_enterprise
cpe:/a:oracle:oracle8i:8.1.7.0.0_enterprise
cpe:/a:oracle:oracle9i:9.0
cpe:/a:oracle:oracle9i:9.0.1_3
cpe:/a:oracle:oracle8i:8.1.5.0.0_enterprise
cpe:/a:oracle:oracle9i:release_2_9.2.2
cpe:/a:oracle:oracle9i:9.0.1
cpe:/a:oracle:oracle8i:8.1.6
cpe:/a:oracle:oracle9i:9.0.2

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1118
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1118
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200210-284
(Official data source) CNNVD

- Other links and resources

http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf
(VENDOR_ADVISORY)  CONFIRM  http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html
(VENDOR_ADVISORY)  VULNWATCH  20021009 R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service
http://www.iss.net/security_center/static/10283.php
(VENDOR_ADVISORY)  XF  oracle-net-services-dos(10283)
http://www.securityfocus.com/bid/5678
(UNKNOWN)  BID  5678

- Vulnerability information

Oracle TNS Listener Service_CurLoad Remote Denial of Service Vulnerability
Medium risk  Other
2002-10-28 00:00:00 2005-05-13 00:00:00
Remote
        
        

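- Advisories and patches

        Workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measure to reduce the threat:
        * Configure the perimeter firewall policy to control access to the Oracle TNS listener, allowing only trusted IP addresses.
        Vendor patch:
        Oracle
        ------
        Oracle has released a security advisory (OracleSA#42) and corresponding patches for this issue:
        OracleSA#42:Security vulnerability in Oracle Net Services
        Link:
        http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf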

        Patch downloads (Oracle Patch 2540219 for every version listed, available from http://metalink.oracle.com):
        Oracle Oracle 8i Enterprise Edition 8.1.5 .1.0
        Oracle Oracle 8i Enterprise Edition 8.1.5 .0.2
        Oracle Oracle 8i Enterprise Edition 8.1.5 .0.0
        Oracle Oracle8i 8.1.5
        Oracle Oracle 8i Enterprise Edition 8.1.6 .1.0
        Oracle Oracle 8i Enterprise Edition 8.1.6 .0.0
        Oracle Oracle8i 8.1.6
        Oracle Oracle 8i Enterprise Edition 8.1.7 .1.0
        Oracle Oracle8i 8.1.7 .1
        Oracle Oracle 8i Enterprise Edition 8.1.7 .0.0
        Oracle Oracle8i 8.1.7
        Oracle Oracle9i 9.0
        Oracle Oracle9i 9.0.1 .3
        Oracle Oracle9i 9.0.1 .2
        Oracle Oracle9i 9.0.1
        Oracle Oracle9i 9.0.2

- Vulnerability information (F29853)

Rapid7 Security Advisory 6 (PacketStormID:F29853)
2002-10-10 00:00:00
Rapid7  rapid7.com
denial of service
CVE-2002-1118

Rapid 7 Advisory R7-0006 - Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service. Oracle 8i (8.1.x), Oracle 9i Release 1 (9.0.x), and Oracle 9i Release 2 (9.2.x) can be crashed via the SERVICE_CURLOAD command. Fix available here.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________
                     Rapid 7, Inc. Security Advisory

        Visit http://www.rapid7.com/ to download NeXpose(tm), our
         advanced vulnerability scanner. Linux and Windows 2000
                       versions are available now!
_______________________________________________________________________

Rapid 7 Advisory R7-0006
Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service

   Published:  October 9, 2002
   Revision:   1.0
   http://www.rapid7.com/advisories/R7-0006.txt

   Oracle:     Oracle Security Alert #42
   http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf

   CVE:        CAN-2002-1118
   http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1118

   Bugtraq:    5678
   http://online.securityfocus.com/bid/5678

1. Affected system(s):

   KNOWN VULNERABLE:
    o Oracle 9i Release 2 (9.2.x)
    o Oracle 9i Release 1 (9.0.x)
    o Oracle 8i (8.1.x)

   Apparently NOT VULNERABLE:
    o Oracle 8.0.x (but see below)

2. Summary

   The Oracle TNS Listener is susceptible to a denial of service attack
   when issued the SERVICE_CURLOAD command.

3. Vendor status and information

   Oracle, Inc.
   http://www.oracle.com

      Oracle was notified of this vulnerability and has made patches
      available.  This issue is being tracked as bug #2540219 in
      the Oracle bug database.

4. Solution

   Download and apply the vendor-supplied patches.  Please see Oracle
   Security Alert #42 for more information:

         http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf

   Please note that patches for some versions and platforms are not
   yet available.

5. Detailed analysis

   Connecting to the Oracle TNS listener (usually on port 1521) and
   issuing the command "(CONNECT_DATA=(COMMAND=SERVICE_CURLOAD))"
   causes the Oracle server to respond with a message indicating
   successful execution.  However, once the caller closes the
   connection, the listener service stops responding.  The effects
   of this DoS vary depending on how long the attacker keeps the
   original connection open.  If the caller keeps the listener
   connection open while new connections are serviced, the listener
   service will be disabled and may crash with an access violation.
   If the caller closes the listener connection before other requests
   are serviced, the listener service will refuse to accept new
   connections.

   We were unable to reproduce this issue on Oracle 8.0.6.  Version
   8.0.6 of Oracle logs a result of 0 (success) in listener.log.
   However, the response to the caller contains error code 12629260,
   which appears to be a non-standard error code.  This may also be
   the result of an exceptional condition, but we were unable to crash
   or disable the listener in our testing.

6. Contact Information

   Rapid 7 Security Advisories
   Email:   advisory@rapid7.com
   Web:     http://www.rapid7.com/
   Phone:   +1 (212) 558-8700

7. Disclaimer and Copyright

   Rapid 7, Inc. is not responsible for the misuse of the information
   provided in our security advisories. These advisories are a service
   to the professional security community.  There are NO WARRANTIES
   with regard to this information. Any application or distribution of
   this information constitutes acceptance AS IS, at the user's own
   risk.  This information is subject to change without notice.

   This advisory Copyright (C) 2002 Rapid 7, Inc.  Permission is
   hereby granted to redistribute this advisory, providing that no
   changes are made and that the copyright notices and disclaimers
   remain intact.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (OpenBSD)

iD8DBQE9pHLTcL76DCfug6wRAn7CAJ4u7Stu8xhHJJ0KdIxzyWomq8s+OwCgpvEJ
xkPC6WztYXEmd1hekDYgLPA=
=n2ee
-----END PGP SIGNATURE-----
    

- Vulnerability information

9477
Oracle Net Services TNS Listener SERVICE_CURLOAD Command DoS
Denial of Service
Loss of Availability
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2002-10-04 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Oracle TNS Listener Service_CurLoad Remote Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 5678
Yes No
2002-09-09 12:00:00 2009-07-11 05:06:00
Vulnerability announced by Rapid 7 Security.

- Affected software versions

Oracle Oracle9i Standard Edition 9.2 .2
Oracle Oracle9i Standard Edition 9.2 .1
Oracle Oracle9i Standard Edition 9.2 .0.2
Oracle Oracle9i Standard Edition 9.2 .0.1
Oracle Oracle9i Standard Edition 9.0.2
Oracle Oracle9i Standard Edition 9.0.1 .4
Oracle Oracle9i Standard Edition 9.0.1 .3
Oracle Oracle9i Standard Edition 9.0.1 .2
Oracle Oracle9i Standard Edition 9.0.1
Oracle Oracle9i Standard Edition 9.0
Oracle Oracle8i Standard Edition 8.1.7 .4
Oracle Oracle8i Standard Edition 8.1.7 .1
Oracle Oracle8i Standard Edition 8.1.7
Oracle Oracle8i Standard Edition 8.1.6
Oracle Oracle8i Standard Edition 8.1.5
Oracle Oracle8i Enterprise Edition 8.1.7 .1.0
Oracle Oracle8i Enterprise Edition 8.1.7 .0.0
Oracle Oracle8i Enterprise Edition 8.1.6 .1.0
Oracle Oracle8i Enterprise Edition 8.1.6 .0.0
Oracle Oracle8i Enterprise Edition 8.1.5 .1.0
Oracle Oracle8i Enterprise Edition 8.1.5 .0.2
Oracle Oracle8i Enterprise Edition 8.1.5 .0.0

- Vulnerability discussion

The Oracle TNS Listener program is a remote connectivity service for Oracle Databases.

Under some circumstances, it may be possible for a remote user to crash the TNS Listener service. By connecting to the service and issuing the SERVICE_CURLOAD command, the service becomes unstable. It has been reported that this will cause the listener to stop responding to connections, and also crash after the command is issued.
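
For detection, the Rapid 7 advisory quoted above mentions the command's result being recorded in listener.log, so a listener log can be searched for it. The Python below is an added example, not part of the original record or of Oracle's or Rapid 7's material; the " * "-separated log layout and the sample entries are constructed assumptions.

```python
import re

# Constructed sample entries. The " * "-separated layout
# (timestamp * connect data * [protocol address] * event * ... * return code)
# is an assumption about listener.log; adjust it to the local log format.
SAMPLE_LOG = """\
09-OCT-2002 10:15:02 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=dbadmin1)(USER=oracle))(COMMAND=status)(SERVICE=LISTENER)) * status * 0
09-OCT-2002 10:17:40 * (CONNECT_DATA=(SID=ORCL)(CID=(PROGRAM=app)(HOST=web01)(USER=svc))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.10)(PORT=40122)) * establish * ORCL * 0
09-OCT-2002 10:21:13 * (CONNECT_DATA=(COMMAND=SERVICE_CURLOAD)) * service_curload * 0
09-OCT-2002 10:21:55 * (CONNECT_DATA=(COMMAND=service_curload)) * (ADDRESS=(PROTOCOL=tcp)(HOST=198.51.100.7)(PORT=51514)) * service_curload * 0
this line is not a listener entry
"""

TS_RE = re.compile(r"^\d{2}-[A-Z]{3}-\d{4} \d{2}:\d{2}:\d{2}$")
COMMAND_RE = re.compile(r"\(COMMAND=([^()]*)\)", re.IGNORECASE)
HOST_RE = re.compile(r"\(HOST=([^()]*)\)", re.IGNORECASE)


def first_field(fields, prefix):
    """Return the first log field that starts with the given keyword, or ''."""
    return next((f for f in fields if f.upper().startswith(prefix)), "")


def find_curload(log_text):
    """Return one record per entry whose CONNECT_DATA carries COMMAND=SERVICE_CURLOAD."""
    hits = []
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split(" * ")]
        if len(fields) < 3 or not TS_RE.match(fields[0]):
            continue  # continuation line, banner, or anything else that is not an entry
        command = COMMAND_RE.search(first_field(fields[1:], "(CONNECT_DATA="))
        if not command or command.group(1).strip().upper() != "SERVICE_CURLOAD":
            continue
        # The peer address is only present when the listener logged protocol info.
        host = HOST_RE.search(first_field(fields[1:], "(ADDRESS="))
        hits.append({
            "timestamp": fields[0],
            "source": host.group(1) if host else "unknown",
            "return_code": fields[-1],
        })
    return hits


if __name__ == "__main__":
    for hit in find_curload(SAMPLE_LOG):
        print("{timestamp} SERVICE_CURLOAD from {source} (rc={return_code})".format(**hit))
```

A hit followed by a gap in later entries or by failed client connections matches the behaviour the record describes and is worth correlating with listener restarts.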

- Exploit

From an established session:

"(CONNECT_DATA=(COMMAND=SERVICE_CURLOAD))"

- Solution

Oracle has updated their patch availability matrix to announce available patches for a number of platforms and versions, including Unix variants and Microsoft Windows. Users should refer to the most recent version of the advisory for more details. These patches can be obtained through Oracle's Metalink service.

Fixes available:


Oracle Oracle8i Enterprise Edition 8.1.5 .0.2

Oracle Oracle8i Enterprise Edition 8.1.5 .0.0

Oracle Oracle8i Enterprise Edition 8.1.5 .1.0

Oracle Oracle8i Standard Edition 8.1.5

Oracle Oracle8i Standard Edition 8.1.6

Oracle Oracle8i Enterprise Edition 8.1.6 .0.0

Oracle Oracle8i Enterprise Edition 8.1.6 .1.0

Oracle Oracle8i Standard Edition 8.1.7

Oracle Oracle8i Enterprise Edition 8.1.7 .0.0

Oracle Oracle8i Enterprise Edition 8.1.7 .1.0

Oracle Oracle8i Standard Edition 8.1.7 .1

Oracle Oracle9i Standard Edition 9.0

Oracle Oracle9i Standard Edition 9.0.1 .2

Oracle Oracle9i Standard Edition 9.0.1

Oracle Oracle9i Standard Edition 9.0.1 .3

Oracle Oracle9i Standard Edition 9.0.2
