Short Name |
DB:ORACLE:TNS:DOS |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
DB |
Keywords |
Oracle TNS Listener Denial of Service |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Oracle TNS Listener program, a remote connection service for Oracle Databases. Attackers can connect to the TNS Listener server and issue the SERVICE_CURLOAD command to cause the system to become unstable and unresponsive before crashing.
The Oracle TNS Listener program is a remote connectivity service for Oracle Databases. Under some circumstances, it may be possible for a remote user to crash TNS Listener service. By connecting to the service, and issuing the SERVICE_CURLOAD command, the service becomes unstable. It has been reported that this will cause the listenering to stop responding to connections, and also crash after the command is issued.