Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet [AS01]
The Oracle Discoverer Servlet contains a field for the database/tns alias. It is possible to send TNS STOP commands via this field and to shutdown unprotected Oracle TNS Listener.
Apply the patches for Oracle CPU April 2007.
28-oct-2003 Oracle secalert was informed
29-oct-2003 Bug confirmed
17-apr-2007 Oracle published CPU April 2007 [AS01]
17-apr-2007 Advisory published
© 2007 by Red-Database-Security GmbH - last update 17-apr-2007