Technology Stocks : Microsoft Corp. - Moderated (MSFT)
To: alydar who wrote (77) 8/15/2002 11:13:29 PM
From: DiViT
 
Hey Rocky, better let Larry know that...

"when are you going to learn that it is not the operating systems that has to be secure but the database." - rocky

The "unbreakable" Oracle9i

DoS risk from Oracle9i debugging bug

By John Leyden, The Register Aug 14 2002 11:48AM

A flaw in the debugging mechanism of Oracle9i supplies a mechanism for crackers to crash vulnerable servers.

All Oracle9i installations are vulnerable to this attack, according to security tools firm ISS, which discovered the problem. The flaw could be used to launch denial of service attacks, it warns.

Oracle9i has a debugging facility (enabled by default) which lets database administrators collect additional information about the operation of the server.

But the Oracle9i SQL*NET listener does not correctly handle certain types of debug requests that are submitted over the network. If Oracle9i encounters such a request, it will crash and no longer field SQL requests from authorised servers or clients.

Functionality can only be restored after a manual restart, according to an alert on the problem by ISS.

Oracle has issued a patch to address the issue, which can be obtained through its Worldwide Support Services Web site.

Admins are also advised to consider filtering SQL*NET port TCP/1521 at all border gateways to limit access to the Oracle listener and mitigate the risk of the vulnerability.

online.securityfocus.com