Vulnerabilities > CVE-2002-0856 - Denial Of Service vulnerability in Oracle Listener Malformed Debugging Command

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

oracle

NVD

Published: 2002-09-05

Updated: 2008-09-10

Summary

SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Database Server 9.2.1 Oracle Oracle9I 9.0 Oracle Oracle9I 9.0.1 Oracle Oracle9I 9.0.1.2 Oracle Oracle9I 9.0.1.3 Oracle Oracle9I 9.0.2	6

References

http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0072.html
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20941
http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf
http://www.iss.net/security_center/static/9237.php
http://www.securityfocus.com/bid/5457