Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 DB:ORACLE:TNS:CMD-EXEC

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 DB

Keywords

 Oracle TNS Command Execution

Release Date

 2005/10/27

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

DB: Oracle TNS Command Execution


This signature detects attempts to exploit a known vulnerability in the Oracle database TNS Listener. A malicious attacker can gain a higher level of access, which might lead to remote arbitrary code execution. Vendor supplied patches are available.

Extended Description

Oracle is a commercial relational database product. Oracle is available for the Unix, Linux, and Microsoft Windows platforms. Oracle allows PL/SQL code to execute arbitrary library calls through a request to the Oracle Listener process. As there is no authentication, any party able to connect to the Listener may emulate this conversation and cause arbitrary library calls to be executed as the oracle user, including system and exec. It is also possible to redirect standard IO to a socket. This may immediately lead to a local compromise of the Oracle user. On Windows based systems, the call is run within the local SYSTEM security context. On Unix systems, the Listener may run with user-level privileges. ** A reliable source has indicated that a patch for this issue is available to Oracle customers but introduces the issue described in BID 8267 as a side effect. Symantec has not been able to confirm this information.

Affected Products

  • Oracle oracle8 8.0.1
  • Oracle oracle8 8.0.2
  • Oracle oracle8 8.0.3
  • Oracle oracle8 8.0.4
  • Oracle oracle8 8.0.5
  • Oracle oracle8 8.0.5 .1
  • Oracle oracle8 8.0.6
  • Oracle oracle8 8.1.5
  • Oracle oracle8 8.1.6
  • Oracle oracle8 8.1.7
  • Oracle oracle8 8.1.7 .4
  • Oracle oracle8i_enterprise_edition 8.0.5 .0.0
  • Oracle oracle8i_enterprise_edition 8.0.6 .0.0
  • Oracle oracle8i_enterprise_edition 8.0.6 .0.1
  • Oracle oracle8i_enterprise_edition 8.1.5 .0.0
  • Oracle oracle8i_enterprise_edition 8.1.5 .0.2
  • Oracle oracle8i_enterprise_edition 8.1.5 .1.0
  • Oracle oracle8i_enterprise_edition 8.1.6 .0.0
  • Oracle oracle8i_enterprise_edition 8.1.6 .1.0
  • Oracle oracle8i_enterprise_edition 8.1.7 .0.0
  • Oracle oracle8i_enterprise_edition 8.1.7 .1.0
  • Oracle oracle8i_enterprise_edition 8.1.7.4.0
  • Oracle oracle8i_standard_edition 8.1.5
  • Oracle oracle8i_standard_edition 8.1.6
  • Oracle oracle8i_standard_edition 8.1.7
  • Oracle oracle8i_standard_edition 8.1.7 .0.0
  • Oracle oracle8i_standard_edition 8.1.7 .1
  • Oracle oracle8i_standard_edition 8.1.7 .4
  • Oracle oracle9i_standard_edition 9.0.0
  • Oracle oracle9i_standard_edition 9.0.1

References

  • BugTraq: 4033
  • CVE: CVE-2002-0567
  • URL: http://otn.oracle.com/deploy/security/pdf/listener_alert.pdf

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out