Oracle Security Alert #34
Dated: 5 June 2002

Security vulnerability in Oracle Net (Oracle9i Database Server)

Description

A potential security vulnerability has been discovered in Oracle Net for Oracle9i Database that may result in a denial of service attack against the Oracle Net Listener. A knowledgeable and malicious user can send a small amount of data to the configured listening endpoint (for Oracle Net Listener) that will cause the Oracle Net Listener to consume the available CPU of the host machine.

Products affected

Oracle9i Database Release 9.0.x (all releases)

Platforms affected

MS Windows and VM only. (Note: Unix, VMS, OS/390 are not affected.)

Workarounds

None

Patch Information

Oracle has fixed the potential vulnerability identified above under patch number 2367681 for supported releases of Oracle9i, Release 9.0.x on Windows and VM. Download currently available patches for your platform from Oracle's Worldwide Support web site, Metalink, http://metalink.oracle.com. Activate the "Patches" button to get to the patches Web page. Enter 2367681 as indicated above and activate the "Submit" button.

If the patch for your platform is not available, please check with Metalink or Oracle Worldwide Support Services for patch availability.

Oracle strongly recommends that you comprehensively test the stability of your system upon application of any patch prior to deleting any of the original file(s) that are replaced by the patch.