Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16749
HistoryApr 18, 2007 - 12:00 a.m.

Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet [AS01]

2007-04-1800:00:00
vulners.com
35

Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet [AS01]

Name Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet (6085705) [AS01]
Systems Affected Oracle Discoverer Servlet
Severity Low Risk
Category Remote D.o.S.
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
CVE
Advisory 17 April 2007 (V 1.00)

Details
The Oracle Discoverer Servlet contains a field for the database/tns alias. It is possible to send TNS STOP commands via this field and to shutdown unprotected Oracle TNS Listener.

Patch Information
Apply the patches for Oracle CPU April 2007.

History
28-oct-2003 Oracle secalert was informed
29-oct-2003 Bug confirmed
17-apr-2007 Oracle published CPU April 2007 [AS01]
17-apr-2007 Advisory published

Ā© 2007 by Red-Database-Security GmbH - last update 17-apr-2007