Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Security vulnerability in Oracle Net (Oracle9i Database Server)

Security vulnerability in Oracle Net (Oracle9i Database Server)

From: <Gautam_Reddy_at_Dell.com>
Date: Thu, 06 Jun 2002 12:05:27 -0800
Message-ID: <F001.00476A00.20020606120527@fatcity.com> 





Oracle Security Alert #34



Dated: 5 June 2002



Security vulnerability in Oracle Net (Oracle9i Database Server)



Description



A potential security vulnerability has been discovered in Oracle Net for
Oracle9i Database that



may result in a potential of denial of service attack against Oracle Net
Listener. A knowledgeable and



malicious user can send a small amount of data to the configured listening
endpoint (for Oracle Net



Listener) that will cause the Oracle Net Listener to consume the available
CPU of the host machine.



Products affected



Oracle9i Database Release 9.0.x (all releases)



Platforms affected



MS Windows and VM only. (Note: Unix, VMS, OS/390 are not affected)



Workarounds



None



Patch Information



Oracle has fixed the potential vulnerability identified above under patch
number 2367681 for supported



releases of Oracle9i, Release 9.0.x on Windows and VM.



Download currently available patches for your platform from Oracle' s
Worldwide Support web site,



Metalink, http://metalink.oracle.com. Activate the "Patches" button to get
to the patches Web page. Enter



2367681 as indicated above and activate the "Submit" button.



Please check with Metalink or Oracle Worldwide Support Services for patch
availability if the patch for



your platform is not available.



Oracle strongly recommends that you comprehensively test the stability of
your system upon application



of any patch prior to deleting any of the original file(s) that are replaced
by the patch.

 




-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: 


  INET: Gautam_Reddy_at_Dell.com


Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------


To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Thu Jun 06 2002 - 15:05:27 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US