• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Oracle 8i SQLNet Denial of Service Vulnerability

Severity: MODERATE

Description:

Oracle 8i is a high-performance database used for various internet applications, e-commerce enabled sites and commonly used as a data warehouse.

A denial of service vulnerability exists in Oracle 8. An attacker connecting to the host and sending a malformed SQLNet connection request, could cause the host to stop responding.

Various TNS libraries exist which process Net8 (SQLNet) packets, enabling the functionality of communication between a client and a service. TNS Listener is a server executable which allows clients to connect to the database via Oracle's SQLNet protocol. TNS Listener by default listens on TCP port 1521. Oracle Names Service enables database name resolution and by default listens on TCP port 1575. The Oracle Connections Manager maintains the connections between the clients and the database services, and by default listens on TCP ports 1630 (gateway services) and 1830 (administration services).

The SQLNet packets involved in this issue are Type-1 (NSPTCN). Two fields within the header extensions of Type-1 packets are inadequately validated, one being the offset and the other being the length of the connection data within the packet. Specially modifying the two fields of a SQLNet Type-1 packet could cause a denial of service of the TNS libraries, rendering the host's service unresponsive.

In order for an attacker to achieve this result, they must specifiy an offset that points to data larger than the packet. By doing this a memory read error occurs, thus causing a denial of service.

A restart of the server is required in order to gain normal functionality.

Affected Products:

• HP HP-UX 11.0.0
• HP HP-UX 11.11.0
• Oracle Oracle8 8.1.5
• Oracle Oracle8 8.1.6
• Oracle Oracle8 8.1.7
• RedHat Linux 6.1.0 i386
• RedHat Linux 6.2.0 i386
• Sun Solaris 7.0
• Sun Solaris 8

References:

• Oracle: Oracle Support Metalink
• Oracle: Oracle Support Page

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.