Oracle9i TSN DoS Attack
From: Andrey Gordienko (red@rsh.kiev.ua)Date: 03/28/02
- Previous message: Scalise, Marzio : "Authentication with RSA SecurID and Outlook web access"
- Next in thread: Lucien Fransman: "Re: Oracle9i TSN DoS Attack"
- Reply: Lucien Fransman: "Re: Oracle9i TSN DoS Attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 28 Mar 2002 10:54:07 -0000 From: Andrey Gordienko <red@rsh.kiev.ua> To: bugtraq@securityfocus.com('binary' encoding is not supported, stored as-is)
name : Oracle
date : 28/3/2002
description : Oracle9i TSN DoS Attack
severity : High risk
homepage : www.oracle.com
versions : 9.0.1.1 (another version may be too)
Bug description :
For crash Oracle9i you need sent ONE TCP packet
(#$00 = 1 byte) to 1521 port and you can fogot about
Oracle (CPU - 100%).You cant connect. For connect
to server you need restart TSNLISTEN.For use
expolit You DONT NEED Oracle client or any Oracle
dlls.
Solution: We sent message to oracle but we didnt
have answer
P.S. you can download win32 expolit from
www.safety-lab.com (ShadowDoSAnalyzer)
Safety-Lab www.safety-lab.com
RedShadow and Melcosoft
- Previous message: Scalise, Marzio : "Authentication with RSA SecurID and Outlook web access"
- Next in thread: Lucien Fransman: "Re: Oracle9i TSN DoS Attack"
- Reply: Lucien Fransman: "Re: Oracle9i TSN DoS Attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
