Intrusion Prevention

Oracle.Database.Core.RDBMS.Component.DoS

Description

This indicates a possible attempt to exploit a denial of service vulnerability in Oracle Database.
The vulnerability is due to an error in the Core RDBMS Component when handling an invalid TNS data packet. Remote unauthenticated attackers can exploit this vulnerability by sending specially crafted TNS packets. Successful exploitation of the vulnerability leads to 100% CPU usage, which results in a denial of service condition.

Affected Products

Oracle PeopleSoft Enterprise PeopleTools 8.49
Oracle PeopleSoft Enterprise PeopleTools 8.48
Oracle PeopleSoft Enterprise PeopleTools 8.47
Oracle PeopleSoft Enterprise PeopleTools 8.22
Oracle PeopleSoft Enterprise Human Capital Management 9.0
Oracle PeopleSoft Enterprise Human Capital Management 8.9
Oracle Oracle9i Standard Edition 9.2.8DV
Oracle Oracle9i Standard Edition 9.2.8
Oracle Oracle9i Personal Edition 9.2.8DV
Oracle Oracle9i Personal Edition 9.2.8
Oracle Oracle9i Enterprise Edition 9.2.8DV
Oracle Oracle9i Enterprise Edition 9.2.8
Oracle Oracle10g Standard Edition 10.2.3
Oracle Oracle10g Standard Edition 10.2.2
Oracle Oracle10g Standard Edition 10.1.5
Oracle Oracle10g Personal Edition 10.2.3
Oracle Oracle10g Personal Edition 10.2.2
Oracle Oracle10g Personal Edition 10.1.5
Oracle Oracle10g Enterprise Edition 10.2.3
Oracle Oracle10g Enterprise Edition 10.2.2
Oracle Oracle10g Enterprise Edition 10.1.5
Oracle Oracle10g Application Server 10.1.3.3.0
Oracle Oracle10g Application Server 10.1.3.2.0
Oracle Oracle10g Application Server 10.1.3.1.0
Oracle Oracle10g Application Server 10.1.3.0.0
Oracle Oracle10g Application Server 10.1.2.2.0
Oracle Oracle10g Application Server 10.1.2.1.0
Oracle Oracle10g Application Server 10.1.2.0.2
Oracle Oracle10g Application Server 10.1.2.0.1
Oracle Oracle10g Application Server 9.0.43
Oracle Enterprise Manager Grid Control 10g 10.16
Oracle Enterprise Manager Grid Control 10g 10.1.5
Oracle Enterprise Manager Database Control 10g 10.2.0.3
Oracle Enterprise Manager Database Control 10g 10.2.0.2
Oracle Enterprise Manager Database Control 10g 10.1.0.5
Oracle E-Business Suite 12 12.0.3
Oracle E-Business Suite 12 12.0.2
Oracle E-Business Suite 12 12.0.1
Oracle E-Business Suite 12 12.0
Oracle E-Business Suite 11i 11.5.10 CU2
Oracle E-Business Suite 11i 11.5.10
Oracle E-Business Suite 11i 11.5.9
Oracle E-Business Suite 11i 11.5.8
Oracle Collaboration Suite 10g 10.1.2
HP Oracle for OpenView for Linux LTU Service Bureaus
HP Oracle for OpenView for Linux LTU
HP Oracle for OpenView 9.1.1
HP Oracle for OpenView 8.1.7
HP Oracle for OpenView 9.2

Impact

Denial of Service.

Recommended Actions

Oracle was alerted to this flaw on the 23rd of June 2006. A patch has now been made available:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html

CVE References

CVE-2007-5530