BID:26103

Oracle TNS Listener GIOP Service Remote Denial Of Service and Information Disclosure Vulnerability

Info

Oracle TNS Listener GIOP Service Remote Denial Of Service and Information Disclosure Vulnerability

Bugtraq ID:	26103
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-5507
Remote:	Yes
Local:	No
Published:	Oct 17 2007 12:00AM
Updated:	May 07 2015 05:34PM
Credit:	David Litchfield <[email protected]> is credited with the discovery of this issue.
Vulnerable:	Oracle TNS Listener 0 Oracle Oracle9i Standard Edition 9.2 .8DV Oracle Oracle9i Standard Edition 9.2 .8 Oracle Oracle9i Standard Edition 9.2 .7 Oracle Oracle9i Standard Edition 9.2 .6 Oracle Oracle9i Standard Edition 9.2 .3 Oracle Oracle9i Standard Edition 9.2 .2 Oracle Oracle9i Standard Edition 9.2 .1 Oracle Oracle9i Standard Edition 9.2 .0.5 Oracle Oracle9i Standard Edition 9.2 .0.3 Oracle Oracle9i Standard Edition 9.2 .0.2 Oracle Oracle9i Standard Edition 9.2 .0.1 Oracle Oracle9i Standard Edition 9.2 Oracle Oracle9i Standard Edition 9.0.4 Oracle Oracle9i Standard Edition 9.0.2 Oracle Oracle9i Standard Edition 9.0.1 .5 FIPS Oracle Oracle9i Standard Edition 9.0.1 .5 Oracle Oracle9i Standard Edition 9.0.1 .4 Oracle Oracle9i Standard Edition 9.0.1 .3 Oracle Oracle9i Standard Edition 9.0.1 .2 Oracle Oracle9i Standard Edition 9.0.1 Oracle Oracle9i Standard Edition 9.0 .2.4 Oracle Oracle9i Standard Edition 9.0 Oracle Oracle9i Personal Edition 9.2 .8DV Oracle Oracle9i Personal Edition 9.2 .8 Oracle Oracle9i Personal Edition 9.2 .7 Oracle Oracle9i Personal Edition 9.2 .6 Oracle Oracle9i Personal Edition 9.2 .0.5 Oracle Oracle9i Personal Edition 9.2 .0.3 Oracle Oracle9i Personal Edition 9.2 .0.2 Oracle Oracle9i Personal Edition 9.2 .0.1 Oracle Oracle9i Personal Edition 9.2 Oracle Oracle9i Personal Edition 9.0.4 Oracle Oracle9i Personal Edition 9.0.1 .5 FIPS Oracle Oracle9i Personal Edition 9.0.1 .5 Oracle Oracle9i Personal Edition 9.0.1 .4 Oracle Oracle9i Personal Edition 9.0.1 Oracle Oracle9i Personal Edition 9.0 .2.4 Oracle Oracle9i Enterprise Edition 9.2 .8DV Oracle Oracle9i Enterprise Edition 9.2 .8.0 Oracle Oracle9i Enterprise Edition 9.2 .7.0 Oracle Oracle9i Enterprise Edition 9.2 .6.0 Oracle Oracle9i Enterprise Edition 9.2 .2 Oracle Oracle9i Enterprise Edition 9.2 .0.5 Oracle Oracle9i Enterprise Edition 9.2 .0.3 Oracle Oracle9i Enterprise Edition 9.2 .0.1 Oracle Oracle9i Enterprise Edition 9.2 .0 Oracle Oracle9i Enterprise Edition 9.0.4 Oracle Oracle9i Enterprise Edition 9.0.1 .5 FIPS Oracle Oracle9i Enterprise Edition 9.0.1 .5 Oracle Oracle9i Enterprise Edition 9.0.1 .4 Oracle Oracle9i Enterprise Edition 9.0.1 Oracle Oracle9i Enterprise Edition 9.0 .2.4 Oracle Oracle8i Standard Edition 8.1.7 .4 Oracle Oracle8i Enterprise Edition 8.1.7 .4.0 Oracle Oracle10g Standard Edition 10.2 .3 Oracle Oracle10g Standard Edition 10.2 .2 Oracle Oracle10g Standard Edition 10.2 .1 Oracle Oracle10g Standard Edition 10.1 .5 Oracle Oracle10g Standard Edition 10.1 .4.2 Oracle Oracle10g Standard Edition 10.1 .0.5 Oracle Oracle10g Standard Edition 10.1 .0.4 Oracle Oracle10g Standard Edition 10.1 .0.3.1 Oracle Oracle10g Standard Edition 10.1 .0.3 Oracle Oracle10g Standard Edition 10.1 .0.2 Oracle Oracle10g Personal Edition 10.2 .3 Oracle Oracle10g Personal Edition 10.2 .2 Oracle Oracle10g Personal Edition 10.2 .1 Oracle Oracle10g Personal Edition 10.1 .5 Oracle Oracle10g Personal Edition 10.1 .0.4 Oracle Oracle10g Personal Edition 10.1 .0.3.1 Oracle Oracle10g Personal Edition 10.1 .0.3 Oracle Oracle10g Personal Edition 10.1 .0.2 Oracle Oracle10g Enterprise Edition 10.2 .3 Oracle Oracle10g Enterprise Edition 10.2 .2 Oracle Oracle10g Enterprise Edition 10.2 .1 Oracle Oracle10g Enterprise Edition 10.1 .5 Oracle Oracle10g Enterprise Edition 10.1 .0.4 Oracle Oracle10g Enterprise Edition 10.1 .0.3.1 Oracle Oracle10g Enterprise Edition 10.1 .0.3 Oracle Oracle10g Enterprise Edition 10.1 .0.2 Oracle Oracle10g Application Server 10.1.3 .4.0 Oracle Oracle10g Application Server 10.1.3 .3.0 Oracle Oracle10g Application Server 10.1.3 .2.0 Oracle Oracle10g Application Server 10.1.3 .1.0 Oracle Oracle10g Application Server 10.1.3 .0.0 Oracle Oracle10g Application Server 10.1.2 .2.0 Oracle Oracle10g Application Server 10.1.2 .1.0 Oracle Oracle10g Application Server 10.1.2 .0.2 Oracle Oracle10g Application Server 10.1.2 .0.1 Oracle Oracle10g Application Server 10.1.2 Oracle Oracle10g Application Server 10.1 .5 Oracle Oracle10g Application Server 10.1 .0.4 Oracle Oracle10g Application Server 10.1 .0.3.1 Oracle Oracle10g Application Server 10.1 .0.3 Oracle Oracle10g Application Server 10.1 .0.2 HP Oracle for OpenView for Linux LTU Service Bureaus 0 HP Oracle for OpenView for Linux LTU 0 HP Oracle for OpenView 9.1.1 HP Oracle for OpenView 8.1.7 HP Oracle for OpenView 9.2

Not Vulnerable:

Discussion

Oracle TNS Listener GIOP Service Remote Denial Of Service and Information Disclosure Vulnerability

Oracle TNS Listener is prone to a remote denial-of-service and information-disclosure issue.

By sending specially crafted GIOP (General Inter-ORB Protocol) packets to affected applications, a remote attacker can crash the TNS Listener, denying database service to legitimate users. Also, the attacker can exploit the same vulnerability to expose memory contents that may contain sensitive information.

This issue affects Oracle 8.1.7.4, Oracle 10g Release 2 and 1, and Oracle 9.

NOTE: This issue was previously documented in BID 26039 (Oracle October 2007 Critical Patch Update Multiple Vulnerabilities) and has been given its own BID to better document the details.

Exploit / POC

Oracle TNS Listener GIOP Service Remote Denial Of Service and Information Disclosure Vulnerability

An attacker can exploit this issue by using readily available network utilities.

Solution / Fix

Oracle TNS Listener GIOP Service Remote Denial Of Service and Information Disclosure Vulnerability

Solution:
The vendor has released an advisory and updates to address this issue. Please see the references for details.

References

Oracle TNS Listener GIOP Service Remote Denial Of Service and Information Disclosure Vulnerability

References:

Oracle Homepage (Oracle)
HPSBMA02133 SSRT061201 rev.6 - HP Oracle for OpenView (OfO) Critical Patch Updat ([email protected])
Oracle TNS Listener DoS and/or remote memory inspection ("NGSSoftware Insight Security Research" )
High Risk Vulnerability in Oracle TNS Listener (NGSSoftware)
Oracle Critical Patch Update - October 2007 (Oracle)