FAQ
Oracle Security Alert #34

Dated: 5 June 2002

Security vulnerability in Oracle Net (Oracle9i Database Server)

Description

A potential security vulnerability has been discovered in Oracle Net for
Oracle9i Database that

may result in a potential of denial of service attack against Oracle Net
Listener. A knowledgeable and

malicious user can send a small amount of data to the configured listening
endpoint (for Oracle Net

Listener) that will cause the Oracle Net Listener to consume the available
CPU of the host machine.

Products affected

Oracle9i Database Release 9.0.x (all releases)

Platforms affected

MS Windows and VM only. (Note: Unix, VMS, OS/390 are not affected)

Workarounds

None

Patch Information

Oracle has fixed the potential vulnerability identified above under patch
number 2367681 for supported

releases of Oracle9i, Release 9.0.x on Windows and VM.

Download currently available patches for your platform from Oracle' s
Worldwide Support web site,

Metalink, http://metalink.oracle.com. Activate the "Patches" button to get
to the patches Web page. Enter

2367681 as indicated above and activate the "Submit" button.

Please check with Metalink or Oracle Worldwide Support Services for patch
availability if the patch for

your platform is not available.

Oracle strongly recommends that you comprehensively test the stability of
your system upon application

of any patch prior to deleting any of the original file(s) that are replaced
by the patch.



--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: Gautam_Reddy_at_Dell.com

Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouporacle-l @
categoriesoracle
postedJun 6, '02 at 8:05p
activeJun 6, '02 at 8:05p
posts1
users1
websiteoracle.com

1 user in discussion

Gautam_Reddy_at_Dell.com: 1 post

People

Translate

site design / logo © 2022 Grokbase