CERTA-2002-AVI-225

Vulnerability from certfr_avis - Published: - Updated:

A vulnerability has been discovered in Oracle Net Services.

Description

The Oracle Net Listener network service (default port 1521/tcp) is the main component of Oracle Net, the application that provides remote access to an Oracle database.

A malicious user can send a specially crafted request using the SERVICE_CURLOAD command to cause a denial of service on the Oracle Net Listener.

Solution

Apply the patch for this vulnerability, available from the Oracle website:

http://metalink.oracle.com
Impacted products
Vendor Product Description
Oracle N/A Oracle 9i Release 2 (9.2.x) ;
Oracle N/A Oracle 9i Release 1 (9.0.x) ;
Oracle N/A Oracle 8i (8.1.x).

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle 9i Release 2 (9.2.x) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle 9i Release 1 (9.0.x) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle 8i (8.1.x).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLe service r\u00e9seau Oracle Net Listener (port 1521/tcp par d\u00e9faut) est le\ncomposant principal d\u0027Oracle Net, l\u0027application qui permet d\u0027acc\u00e8der \u00e0\ndistance \u00e0 une base de donn\u00e9es Oracle.\n\nUn utilisateur mal intentionn\u00e9 peut utiliser une requ\u00eate malicieusement\nconstruite employant la commande  \n`SERVICE_CURLOAD` afin d\u0027effectuer un d\u00e9ni de service sur Oracle NET\nListener.\n\n## Solution\n\nAppliquer le correctif correspondant \u00e0 cette vuln\u00e9rabilit\u00e9, disponible\nsur le site d\u0027Oracle :\n\n    http://metalink.oracle.com\n",
  "cves": [],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 #42 d\u0027Oracle :",
      "url": "http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf"
    }
  ],
  "reference": "CERTA-2002-AVI-225",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2002-10-15T00:00:00.000000"
    },
    {
      "description": "modification des syst\u00e8mes affect\u00e9s.",
      "revision_date": "2002-10-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Oracle Net Services.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Oracle Listener",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin d\u0027alerte 42 d\u0027Oracle",
      "url": null
    }
  ]
}

