CERTA-2002-AVI-225
Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Oracle Net Services.

Description

Le service réseau Oracle Net Listener (port 1521/tcp par défaut) est le composant principal d'Oracle Net, l'application qui permet d'accèder à distance à une base de données Oracle.

Un utilisateur mal intentionné peut utiliser une requête malicieusement construite employant la commande
SERVICE_CURLOAD afin d'effectuer un déni de service sur Oracle NET Listener.

Solution

Appliquer le correctif correspondant à cette vulnérabilité, disponible sur le site d'Oracle :

http://metalink.oracle.com
None
Impacted products
Vendor Product Description
Oracle N/A Oracle 9i Release 2 (9.2.x) ;
Oracle N/A Oracle 9i Release 1 (9.0.x) ;
Oracle N/A Oracle 8i (8.1.x).
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle 9i Release 2 (9.2.x) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle 9i Release 1 (9.0.x) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle 8i (8.1.x).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLe service r\u00e9seau Oracle Net Listener (port 1521/tcp par d\u00e9faut) est le\ncomposant principal d\u0027Oracle Net, l\u0027application qui permet d\u0027acc\u00e8der \u00e0\ndistance \u00e0 une base de donn\u00e9es Oracle.\n\nUn utilisateur mal intentionn\u00e9 peut utiliser une requ\u00eate malicieusement\nconstruite employant la commande  \n`SERVICE_CURLOAD` afin d\u0027effectuer un d\u00e9ni de service sur Oracle NET\nListener.\n\n## Solution\n\nAppliquer le correctif correspondant \u00e0 cette vuln\u00e9rabilit\u00e9, disponible\nsur le site d\u0027Oracle :\n\n    http://metalink.oracle.com\n",
  "cves": [],
  "initial_release_date": "2002-10-15T00:00:00",
  "last_revision_date": "2002-10-16T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 #42 d\u0027Oracle :",
      "url": "http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf"
    }
  ],
  "reference": "CERTA-2002-AVI-225",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2002-10-15T00:00:00.000000"
    },
    {
      "description": "modification des syst\u00e8mes affect\u00e9s.",
      "revision_date": "2002-10-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Oracle Net Services.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Oracle Listener",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin d\u0027alerte 42 d\u0027Oracle",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.