Red-Database-Security GmbH is specialized in Oracle Security

Products
Repscan 2.5
Hedgehog Enterprise
Checkpwd (free)

Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published AlertsRSS Published Alerts
Upcoming AlertsRSS Published Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap


Search



Search Red-Database-Security
Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet [AS01]

Name Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet (6085705) [AS01]
Systems Affected Oracle Discoverer Servlet
Severity Low Risk
Category Remote D.o.S.
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
CVE  
Advisory 17 April 2007 (V 1.00)


Details
The Oracle Discoverer Servlet contains a field for the database/tns alias. It is possible to send TNS STOP commands via this field and to shutdown unprotected Oracle TNS Listener.


Patch Information
Apply the patches for Oracle CPU April 2007.


History
28-oct-2003 Oracle secalert was informed
29-oct-2003 Bug confirmed
17-apr-2007 Oracle published CPU April 2007 [AS01]
17-apr-2007 Advisory published


2007 by Red-Database-Security GmbH - last update 17-apr-2007