Date: 28 Mar 2002 10:54:07 -0000
From: Andrey Gordienko <[email protected]>
To: [email protected]Subject: Oracle9i TSN DoS Attack
name : Oracle
date : 28/3/2002
description : Oracle9i TSN DoS Attack
severity : High risk
homepage : www.oracle.com
versions : 9.0.1.1 (another version may be too)
Bug description :
For crash Oracle9i you need sent ONE TCP packet
(#$00 = 1 byte) to 1521 port and you can fogot about
Oracle (CPU - 100%).You cant connect. For connect
to server you need restart TSNLISTEN.For use
expolit You DONT NEED Oracle client or any Oracle
dlls.
Solution: We sent message to oracle but we didnt
have answer
P.S. you can download win32 expolit from
www.safety-lab.com (ShadowDoSAnalyzer)
Safety-Lab www.safety-lab.com
RedShadow and Melcosoft
