• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Oracle TNS Listener GIOP Service Remote Denial Of Service and Information Disclosure Vulnerability

Oracle TNS Listener is prone to a remote denial-of-service and information-disclosure issue.

By sending specially crafted GIOP (General Inter-ORB Protocol) packets to affected applications, a remote attacker can crash the TNS Listener, denying database service to legitimate users. Also, the attacker can exploit the same vulnerability to expose memory contents that may contain sensitive information.

This issue affects Oracle 8.1.7.4, Oracle 10g Release 2 and 1, and Oracle 9.

NOTE: This issue was previously documented in BID 26039 (Oracle October 2007 Critical Patch Update Multiple Vulnerabilities) and has been given its own BID to better document the details.