漏洞信息详情
Oracle TNS Listener Service_CurLoad远程拒绝服务攻击漏洞
- CNNVD编号:CNNVD-200210-284
- 危害等级: 中危
![图片[1]-Oracle TNS Listener Service_CurLoad远程拒绝服务攻击漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-04-26/30f462579bec41fc25e0b1d57503e6d6.png)
- CVE编号:
CVE-2002-1118
- 漏洞类型:
其他
- 发布时间:
2002-09-09
- 威胁类型:
远程
- 更新时间:
2005-05-13
- 厂 商:
oracle - 漏洞来源:
Rapid 7 Security※ … -
漏洞简介
Oralce TNS listener是一款Oracle数据库的远程连接服务程序。
Oralce TNS listener对SERVICE_CURLOAD命令缺少正确处理,远程攻击者可以利用这个漏洞进行拒绝服务攻击。
攻击者可以通过连接Oracle TNS listener(一般是TCP/1521端口)并发送命令\”(CONNECT_DATA=(COMMAND=SERVICE_CURLOAD))\”,可导致Oracle服务程序回送指示成功执行的信息,但是,一旦调用者关闭连接,Listener服务就停止应答。根据攻击者保持原始连接的打开多长时间其拒绝服务攻击的效果也不一样。当Listener正在为新连接服务时如果调用者关闭连接,就可以使新的连接服务关闭并导致访问冲突。如果调用者关闭Listener连接在其他服务请求之前,Listener服务就会拒绝所有新的连接。
漏洞公告
临时解决方法:
如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
* 设置边界防火墙策略,对Oracle TNS listener进行访问控制,只允许可信IP访问。
厂商补丁:
Oracle
——
Oracle已经为此发布了一个安全公告(OracleSA#42)以及相应补丁:
OracleSA#42:Security vulnerability in Oracle Net Services
链接:http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf” target=”_blank”>
http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf
补丁下载:
Oracle Oracle 8i Enterprise Edition 8.1.5 .1.0:
Oracle Patch 2540219
http://metalink.oracle.com” target=”_blank”>
http://metalink.oracle.com
Oracle Oracle 8i Enterprise Edition 8.1.5 .0.2:
Oracle Patch 2540219
http://metalink.oracle.com” target=”_blank”>
http://metalink.oracle.com
Oracle Oracle 8i Enterprise Edition 8.1.5 .0.0:
Oracle Patch 2540219
http://metalink.oracle.com” target=”_blank”>
http://metalink.oracle.com
Oracle Oracle8i 8.1.5:
Oracle Patch 2540219
http://metalink.oracle.com” target=”_blank”>
http://metalink.oracle.com
Oracle Oracle 8i Enterprise Edition 8.1.6 .1.0:
Oracle Patch 2540219
http://metalink.oracle.com” target=”_blank”>
http://metalink.oracle.com
Oracle Oracle 8i Enterprise Edition 8.1.6 .0.0:
Oracle Patch 2540219
http://metalink.oracle.com” target=”_blank”>
http://metalink.oracle.com
Oracle Oracle8i 8.1.6:
Oracle Patch 2540219
http://metalink.oracle.com” target=”_blank”>
http://metalink.oracle.com
Oracle Oracle 8i Enterprise Edition 8.1.7 .1.0:
Oracle Patch 2540219
http://metalink.oracle.com” target=”_blank”>
http://metalink.oracle.com
Oracle Oracle8i 8.1.7 .1:
Oracle Patch 2540219
http://metalink.oracle.com” target=”_blank”>
http://metalink.oracle.com
Oracle Oracle 8i Enterprise Edition 8.1.7 .0.0:
Oracle Patch 2540219
http://metalink.oracle.com” target=”_blank”>
http://metalink.oracle.com
Oracle Oracle8i 8.1.7:
Oracle Patch 2540219
http://metalink.oracle.com” target=”_blank”>
http://metalink.oracle.com
Oracle Oracle9i 9.0:
Oracle Patch 2540219
http://metalink.oracle.com” target=”_blank”>
http://metalink.oracle.com
Oracle Oracle9i 9.0.1 .3:
Oracle Patch 2540219
http://metalink.oracle.com” target=”_blank”>
http://metalink.oracle.com
Oracle Oracle9i 9.0.1 .2:
Oracle Patch 2540219
http://metalink.oracle.com” target=”_blank”>
http://metalink.oracle.com
Oracle Oracle9i 9.0.1:
Oracle Patch 2540219
http://metalink.oracle.com” target=”_blank”>
http://metalink.oracle.com
Oracle Oracle9i 9.0.2:
Oracle Patch 2540219
http://metalink.oracle.com” target=”_blank”>
http://metalink.oracle.com
参考网址
来源: otn.oracle.com
链接:http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf
来源: VULNWATCH
名称: 20021009 R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service
链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html
来源: XF
名称: oracle-net-services-dos(10283)
链接:http://www.iss.net/security_center/static/10283.php
来源: BID
名称: 5678
链接:http://www.securityfocus.com/bid/5678
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
