Reported October 9, 2002, by Rapid 7.

VERSIONS AFFECTED

· Oracle 9i and Oracle 8i for Windows 2000 and Windows NT, releases 8.1.x, 9.0.x, and 9.2.x

DESCRIPTION

A Denial of Service (DoS) condition exists in the Oracle 9i and 8i Server Transparent Network Substrate (TNS) Listener service. An attacker who connects to the Oracle TNS Listener (usually on port 1521) and issues the command "(CONNECT_DATA=(COMMAND=SERVICE_CURLOAD))" can cause the TNS Listener service to stop responding after the attacker closes the connection.
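
A defender-side check for the command string above, as an added example that is not part of the original advisory or any Oracle code: it parses the parenthesised connect data out of a captured listener payload and flags COMMAND=SERVICE_CURLOAD under CONNECT_DATA regardless of case or spacing. The function names and sample payloads are constructed for illustration, and matching case-insensitively with whitespace ignored is a conservative assumption.

```python
import re

# Command named in this advisory; compared case-insensitively (assumption).
FLAGGED_COMMANDS = {"SERVICE_CURLOAD"}

# Tokens: "(KEY=" opening a group, ")" closing one, or a run of leaf text.
_TOKEN = re.compile(r"\(\s*([\w.]+)\s*=|\)|[^()]+")


def leaf_pairs(descriptor):
    """Return [(path, value)] for every leaf KEY=VALUE in a parenthesised
    descriptor; path is the tuple of upper-cased enclosing keys."""
    stack, pairs, value = [], [], None
    for m in _TOKEN.finditer(descriptor):
        tok = m.group(0)
        if m.group(1):                      # "(KEY=" opens a group
            stack.append(m.group(1).upper())
            value = None
        elif tok == ")":
            if not stack:                   # stray ")" outside any group
                continue
            if value is not None:           # group held leaf text, not children
                pairs.append((tuple(stack), value))
            stack.pop()
            value = None
        elif stack and tok.strip():         # leaf text inside a group
            value = tok.strip()
    return pairs


def flagged_commands(payload):
    """Return flagged COMMAND values found directly under CONNECT_DATA."""
    text = payload.decode("latin-1")        # lossless for arbitrary bytes
    return [value.upper()
            for path, value in leaf_pairs(text)
            if path[-2:] == ("CONNECT_DATA", "COMMAND")
            and value.upper() in FLAGGED_COMMANDS]


# Constructed payloads; the leading zero bytes stand in for a packet header.
SAMPLES = [
    b"\x00\x00\x00\x00(CONNECT_DATA=(COMMAND=SERVICE_CURLOAD))",
    b"\x00\x00\x00\x00( connect_data = (CID=(PROGRAM=x))( command = service_curload ))",
    b"\x00\x00\x00\x00(CONNECT_DATA=(COMMAND=status))",
    b"\x00\x00\x00\x00(DESCRIPTION=(CONNECT_DATA=(SID=ORCL)))",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(bool(flagged_commands(sample)), sample[4:].decode("latin-1"))
```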

VENDOR RESPONSE

The vendor, Oracle, has released Oracle Security Alert #42 and recommends that affected users apply the appropriate patch mentioned in this alert.

CREDIT

Discovered by Rapid 7.