Red-Database-Security GmbH is specialized in Oracle Security

Products
Repscan 2.5
Hedgehog Enterprise
Checkpwd (free)

Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published AlertsRSS Published Alerts
Upcoming AlertsRSS Published Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap


Search



Search Red-Database-Security
Buffer Overflow in ONS Service

Name Buffer Overflow in ONS Service (6914665) [OPMN01]
Systems Affected Oracle 10g Rel. 1 / Oracle Application Server 9.0.2 and higher
Severity High Risk
Category Buffer Overflow
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
CVE  
Advisory 16 January 2007 (V 1.00)
Time to fix 371 days
CVSS Score 4.7


Details
The Oracle Notification Service (ONS) is using simple push/subscribe method to publish event mesages to all nodes with active ONS daemons. By default ONS is running on port 6200 and is installed by in Oracle RAC, Oracle Application Server and Oracle Databases 10g Release 1.

The service ONS contains a remote exploitable buffer overflow. This vulnerability could be exploited without login credentials by sending a specially crafted TCP packet. Thanks to FX from Sabre-Security for further analysis.

Testcase
Run the portscanner amap from THC against port 6200.

Patch Information
Apply the patches for Oracle CPU January 2007.


History
10-jan-2006 Oracle secalert was informed
16-jan-2007 Oracle published CPU January 2006 [OPMN01]
16-jan-2007 Advisory published


2007 by Red-Database-Security GmbH - last update 16-jan-2007