Check Point Advisories

Oracle Database Core RDBMS Component Denial of Service (CVE-2007-5530)

Vulnerability
Protection

Check Point Reference:	CPAI-2007-335
Date Published:	17 Dec 2009
Severity:	Critical
Last Updated:	Thursday 13 December, 2012
Source:
Industry Reference:	CVE-2007-5530
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description	Oracle Database is an enterprise-level relational database suite. Oracle Database contains many components that enable users and administrators to access it for various tasks, such as database manipulation, or administration of the numerous Oracle services. There exists a denial of service vulnerability in the Oracle Database Server. The vulnerability is due to an error in Core RDBMS component when handling an invalid TNS data packet. Remote unauthenticated attackers could exploit this vulnerability by sending a specially crafted TNS packet. In a successful attack case, the target host gets a CPU usage of 100% which results in a denial of service condition. Normal operation can be restored by stopping and restarting the affected process.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

In the IPS tab, click Protections and find the Oracle Database Core RDBMS Component Denial of Service protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Oracle Protection Violation.
Attack Information: Oracle Database Core RDBMS component denial of service