COMMAND

    Oracle

SYSTEMS AFFECTED

    Oracle (all versions of Oracle on Windows NT)

PROBLEM

    Following  is  based  on  a  Internet  Security  Systems  Security
    Advisory.  Internet Security Systems (ISS) X-Force has  identified
    a  vulnerability   with  redirected   Oracle  connections.    This
    vulnerability allows  an unauthenticated  user to  consume all the
    memory on an Oracle server.  It is also possible for remote  users
    to deny access to all  other users and cause the  operating system
    to  crash.   This  issue  is  found  on  all versions of Oracle on
    Windows NT.   This vulnerability  causes a  Windows NT  system  to
    consume 100% of available memory.  Access to the server is  denied
    and a full reboot is required.

    For Oracle on  Windows NT, the  Oracle listener process  redirects
    connection requests to a new  port and the Oracle Database  server
    creates a new thread for this  port.  If a connection to  the port
    is not  made, the  thread and  consumed memory  is lost  until the
    Oracle Database server is restarted.  By repeatedly requesting  to
    be redirected and  not connecting to  the waiting port,  an Oracle
    server can  be forced  into consuming  all memory  on the  server.
    Once all memory  has been consumed  on the server,  any attempt to
    log in to the console results in crashing the operating system.

    This  vulnerability  was  researched  by  Jon  Isaac  of  Internet
    Security Systems.

SOLUTION

    There is an immediate workaround for this security  vulnerability.
    Oracle Net8 (formerly Oracle SQL*Net) has a feature called  "valid
    node checking" that can be used to allow or deny access to  Oracle
    server processes from network clients with specified IP addresses.

    The following  parameters can  be established  in PROTOCOL.ORA,  a
    configuration  file  of  Oracle  Net8  to implement the valid node
    checking feature:

        tcp.validnode_checking = YES
        tcp.invited_nodes = {list of IP addresses}
        tcp.excluded_nodes = {list of IP addresses}

    The  first  parameter  turns  on  the valid node checking feature.
    The latter  two parameters  respectively specify  the IP addresses
    that  are  permitted  to  make  network connections or denied from
    making network connections to the Oracle server processes.

    A  combination  of  the  parameters  listed  above can effectively
    prevent  the  Oracle  database  server  from  consuming Windows NT
    memory in the manner described.