Denial of Service Bug in Oracle9i
ISS has issued a security alert for a DoS issue
in the increasingly breakable Oracle9i database server. Due to a flaw in the software’s debugging mechanism, a remote attacker can crash the server by sending a malformed request to the SQL*NET listener. All platforms of Oracle9i 9.0.x and 9.2 are affected; a patch is available at Oracle’s support services site, bug number 2467947. ISS also recommends that
sysadmins set perimeter firewalls to filter the SQL*NET port, which is TCP/1521 by default.
(N-Stalker Security Force)
This entry was posted in Previous Security Advisories. Bookmark the permalink.