This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects an attempt to exploit a buffer overflow vulnerability in Oracle 9i.
Oracle has reported that the XML Database functionality (XDB) in Oracle 9i Release 2 is vulnerable to a remotely exploitable buffer overflow condition. The flaw can be exploited through the HTTP or FTP services, which are enabled by default. If the services are disabled, the vulnerabilities may still be exploited if the attacker has valid database credentials. This vulnerability can be exploited to cause a denial-of-service or compromise the database server.
Oracle has stated that Oracle 9i Release 1 and prior are not affected. The Oracle advisory that prompted this alert is likely related to the vulnerabilities described in BID 8375.
- Oracle Oracle9i Enterprise Edition 184.108.40.206
- Oracle Oracle9i Personal Edition 220.127.116.11
- Oracle Oracle9i Standard Edition 18.104.22.168
Oracle has advised administrators to disable the HTTP/FTP services that are enabled by default. To do this, perform the following steps:
1. Open the Oracle 9i Database Server configuration file "INIT.ORA"
2. On the "dispatchers" parameter line, remove the string:
Where sid-name is the SID of the database.
3. Restart the database
Note: This workaround will only disable the HTTP and FTP services. The vulnerability will still be present and potentially exploitable if the attacker has database credentials.
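A check that the workaround above has been applied, as an added example that is not from Oracle or the original advisory. It scans a parameter file for active "dispatchers" entries that still register an XDB service. The `(SERVICE=<sid>XDB)` entry form, the sample file contents and the function name are assumptions, since this page does not show the string.

```python
import re

# Constructed sample parameter file, not taken from a real server. The
# "(SERVICE=<sid>XDB)" entry form is an assumption; this page does not show it.
SAMPLE_INIT_ORA = """\
# constructed example
db_name=orcl
dispatchers="(PROTOCOL=TCP) (SERVICE=orclXDB)"
# dispatchers="(PROTOCOL=TCP) (SERVICE=oldXDB)"
DISPATCHERS = "(PROTOCOL=TCP)(DISPATCHERS=2)"
"""

# "dispatchers=", optionally with the "*." or "<sid>." prefix of an exported pfile.
PARAM_RE = re.compile(r"^\s*(?:\*\.|\w+\.)?dispatchers\s*=\s*(.*)$", re.IGNORECASE)
# A SERVICE attribute whose value ends in XDB (assumed naming, see above).
SERVICE_RE = re.compile(r"\(\s*SERVICE\s*=\s*([^)\s]*XDB)\s*\)", re.IGNORECASE)


def xdb_dispatcher_services(init_ora_text):
    """Return [(line_number, service)] for active dispatchers entries
    that still register an XDB service."""
    findings = []
    logical, start = "", None

    def flush():
        m = PARAM_RE.match(logical)
        if m:
            findings.extend((start, s) for s in SERVICE_RE.findall(m.group(1)))

    for lineno, raw in enumerate(init_ora_text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if start is None:
            start = lineno
        if line.endswith("\\"):  # backslash continues onto the next line
            logical += line[:-1] + " "
            continue
        logical += line
        flush()
        logical, start = "", None
    flush()  # file ended inside a continuation
    return findings


if __name__ == "__main__":
    for lineno, service in xdb_dispatcher_services(SAMPLE_INIT_ORA):
        print(f"line {lineno}: dispatcher still registers {service}")
```

An empty result means only that the file no longer registers the service; the running instance keeps its old setting until the restart in step 3.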
The fix is included in patch set 22.214.171.124, which can be applied only to version 126.96.36.199. See the Oracle advisory in the reference section for more information.