• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Oracle Database Server InterMedia Denial of Service Vulnerability

Severity: HIGH

Description:

There is a denial of service vulnerability in Oracle Database Server. This issue is a result of a failure in the application to properly sanitize user-supplied input.

When trying to load a specially constructed file, a denial of service can be triggered making the Oracle server process consume 100% CPU usage. This vulnerability can be exploited remotely by supplying a specially constructed file to an application that uses the vulnerable objects to process the file in the database server.

This issue affects the Intermedia component and requires SQL (Oracle Net) access. A successful attack can compromise the availability of a vulnerable server.

Oracle has released a Critical Patch Update to address this issue.

It should be noted that this issue was previously reported in BID 13139 (Oracle Multiple Vulnerabilities); it has been assigned its own BID.

Affected Products:

• Oracle Oracle10g Enterprise Edition 10.1.0 .0.2
• Oracle Oracle10g Enterprise Edition 9.0.4 .0
• Oracle Oracle10g Personal Edition 10.1.0 .0.2
• Oracle Oracle10g Personal Edition 9.0.4 .0
• Oracle Oracle10g Standard Edition 10.1.0 .0.2
• Oracle Oracle10g Standard Edition 9.0.4 .0
• Oracle Oracle9i Enterprise Edition 9.2.0 .0.3
• Oracle Oracle9i Enterprise Edition 9.2.0.0
• Oracle Oracle9i Enterprise Edition 9.2.0.0.1
• Oracle Oracle9i Enterprise Edition 9.2.0.0.2
• Oracle Oracle9i Enterprise Edition 9.2.0.0.4
• Oracle Oracle9i Personal Edition 9.2.0
• Oracle Oracle9i Personal Edition 9.2.0 .0.3
• Oracle Oracle9i Personal Edition 9.2.0 .0.5
• Oracle Oracle9i Personal Edition 9.2.0.0.1
• Oracle Oracle9i Personal Edition 9.2.0.0.2
• Oracle Oracle9i Personal Edition 9.2.0.0.4
• Oracle Oracle9i Standard Edition 9.2.0
• Oracle Oracle9i Standard Edition 9.2.0 .0.3
• Oracle Oracle9i Standard Edition 9.2.0 .0.5
• Oracle Oracle9i Standard Edition 9.2.0.0.1
• Oracle Oracle9i Standard Edition 9.2.0.0.2
• Oracle Oracle9i Standard Edition 9.2.0.0.4

References:

• Argeniss: OraIntermediaExploit.txt
• Argeniss: OraIntermediaWorkaround.sql
• Oracle: Critical Patch Update - April 2005
• Oracle: Oracle Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.