Buffer Overflow in ONS Service
The Oracle Notification Service (ONS) uses a simple push/subscribe method to publish event messages to all nodes with active ONS daemons. By default, ONS runs on port 6200 and is installed in Oracle RAC, Oracle Application Server and Oracle Databases 10g Release 1.
The ONS service contains a remotely exploitable buffer overflow. This vulnerability could be exploited without login credentials by sending a specially crafted TCP packet. Thanks to FX from Sabre-Security for further analysis.
Run the port scanner amap from THC against port 6200.
Apply the patches for Oracle CPU January 2007.
10-jan-2006 Oracle secalert was informed
16-jan-2007 Oracle published CPU January 2006 [OPMN01]
16-jan-2007 Advisory published
© 2007 by Red-Database-Security GmbH - last update 16-jan-2007