Red-Database-Security GmbH is specialized in Oracle Security
Buffer Overflow in ONS Service

Details
The Oracle Notification Service (ONS) uses a simple push/subscribe method to publish event messages to all nodes with active ONS daemons. By default ONS runs on port 6200 and is installed in Oracle RAC, Oracle Application Server and Oracle Databases 10g Release 1. The ONS service contains a remotely exploitable buffer overflow. This vulnerability could be exploited without login credentials by sending a specially crafted TCP packet.

Thanks to FX from Sabre-Security for further analysis.

Testcase
Run the portscanner amap from THC against port 6200.

Patch Information
Apply the patches for Oracle CPU January 2007.

History
10-jan-2006 Oracle secalert was informed
16-jan-2007 Oracle published CPU January 2006 [OPMN01]
16-jan-2007 Advisory published

© 2007 by Red-Database-Security GmbH - last update 16-jan-2007
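
An exposure check for the service described in this advisory, as an added example that is not part of the original advisory: it parses `ss -ltnH` output and reports where the default ONS port 6200 listens on a non-loopback address. The sample lines are constructed and the function names are hypothetical.

```python
import ipaddress

ONS_PORT = 6200  # default ONS port stated in the advisory

# Constructed sample of `ss -ltnH` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:6100 0.0.0.0:*
LISTEN 0 128 0.0.0.0:6200 0.0.0.0:*
LISTEN 0 128 [::1]:6200 [::]:*
LISTEN 0 128 192.0.2.15:1521 0.0.0.0:*
LISTEN 0 128 *:22 *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4, bracketed IPv6 or '*') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    addr = addr.strip("[]").split("%")[0]  # drop brackets and any zone id
    return addr, int(port)


def is_loopback_only(addr):
    """True when the bind address is reachable from the local host only."""
    if addr == "*":
        return False  # wildcard bind: every interface
    return ipaddress.ip_address(addr).is_loopback


def exposed_ons_listeners(ss_output, port=ONS_PORT):
    """Return local addresses where `port` listens on a non-loopback address."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip blank lines and non-listening sockets
        addr, lport = split_endpoint(fields[3])  # fields[3] is the local endpoint
        if lport == port and not is_loopback_only(addr):
            exposed.append(addr)
    return exposed


if __name__ == "__main__":
    for addr in exposed_ons_listeners(SAMPLE_SS):
        print(f"ONS port {ONS_PORT} listens on {addr}: "
              "apply the Oracle CPU January 2007 patches")
```

On a live host, pass the output of `ss -ltnH` to `exposed_ons_listeners` instead of the constructed sample.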