Vulnerabilities > CVE-2002-0965 - Remote Buffer Overflow vulnerability in Oracle TNSListener SERVICE_NAME
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Exploit-Db
description | Oracle 8i TNS Listener SERVICE_NAME Buffer Overflow. CVE-2002-0965. Remote exploit for windows platform |
id | EDB-ID:16341 |
last seen | 2016-02-01 |
modified | 2010-11-24 |
published | 2010-11-24 |
reporter | metasploit |
source | https://www.exploit-db.com/download/16341/ |
title | Oracle 8i TNS Listener SERVICE_NAME Buffer Overflow |
Metasploit
description | This module exploits a stack buffer overflow in Oracle. When sending a specially crafted packet containing a long SERVICE_NAME to the TNS service, an attacker may be able to execute arbitrary code. |
id | MSF:EXPLOIT/WINDOWS/ORACLE/TNS_SERVICE_NAME |
last seen | 2020-04-11 |
modified | 2017-07-24 |
published | 2009-07-15 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/oracle/tns_service_name.rb |
title | Oracle 8i TNS Listener SERVICE_NAME Buffer Overflow |
Packetstorm
data source | https://packetstormsecurity.com/files/download/83091/tns_service_name.rb.txt |
id | PACKETSTORM:83091 |
last seen | 2016-12-05 |
published | 2009-11-26 |
reporter | MC |
source | https://packetstormsecurity.com/files/83091/Oracle-TNS-Listener-SERVICE_NAME-Buffer-Overflow..html |
title | Oracle TNS Listener SERVICE_NAME Buffer Overflow. |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0096.html
- http://online.securityfocus.com/archive/1/276526
- http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf
- http://www.iss.net/security_center/static/9288.php
- http://www.kb.cert.org/vuls/id/630091
- http://www.securityfocus.com/bid/4845