Unrated severity · NVD Advisory · Published Jul 21, 2001 · Updated Apr 16, 2026

CVE-2001-0513

Description

Oracle Database Server on Windows NT is vulnerable to denial of service via repeated connection requests to the listener without completing the redirected connection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Oracle Database Server on Windows NT contains a denial-of-service vulnerability in its listener process. When a connection request is received, the listener redirects the client to a new port and spawns a separate thread to handle the connection. This thread remains in memory listening until the client connects to that port or the server is restarted. An attacker can exploit this by repeatedly sending connection requests without completing the handshake, causing many threads to accumulate. All versions of Oracle Database Server on Windows NT are affected [1].

Exploitation

An attacker with network access to the Oracle listener can send a large number of connection requests. For each request, the listener creates a new thread and redirects to a new port. The attacker does not connect to the redirected port, leaving each thread in a listening state indefinitely. By repeating this process, the attacker can exhaust available system memory [1].

Impact

Successful exploitation leads to memory exhaustion on the Oracle Database Server. Once all memory is consumed, the next console login attempt will crash the server, resulting in a denial of service. The attacker does not gain any access or privileges; the impact is purely availability [1].

Mitigation

At the time of disclosure, no official patch was available. The recommended workaround is to restrict access to the Oracle listener by enabling tcp.validnode_checking in the PROTOCOL.ORA configuration file and setting tcp.invited_nodes and tcp.excluded_nodes to limit connections to trusted hosts. This prevents unauthorized hosts from sending connection requests [1].
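An added example, not from the advisory or from Oracle: a Python check that reads the text of a PROTOCOL.ORA file and reports whether the workaround described above is in place. The sample file contents and host names are constructed, and the check assumes one parameter per line with yes as the enabling value.

```python
import re

# Constructed sample files (not from the advisory); host names are placeholders.
WEAK = """
# protocol.ora with node checking left off
tcp.validnode_checking = no
tcp.invited_nodes = (appsrv1.example.internal)
"""
HARDENED = """
tcp.validnode_checking = yes
tcp.invited_nodes = (appsrv1.example.internal, 10.0.5.20)
tcp.excluded_nodes = (10.0.9.99)
"""

def parse_params(text):
    """Return {lowercased name: value} for 'name = value' lines, skipping # comments."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            name, value = line.split("=", 1)
            params[name.strip().lower()] = value.strip()
    return params

def node_list(value):
    """Split '(a, b)' or 'a, b' into a list of lowercased entries."""
    return [n.lower() for n in re.split(r"[,\s]+", value.strip("() \t")) if n]

def audit(text):
    """Return findings; an empty list means the workaround is in place."""
    p = parse_params(text)
    findings = []
    # Assumption: "yes" is the value that enables node checking.
    if p.get("tcp.validnode_checking", "").lower() != "yes":
        findings.append("tcp.validnode_checking is not set to yes")
    invited = node_list(p.get("tcp.invited_nodes", ""))
    excluded = node_list(p.get("tcp.excluded_nodes", ""))
    if not invited:
        findings.append("tcp.invited_nodes is empty: no allow list of trusted hosts")
    both = sorted(set(invited) & set(excluded))
    if both:
        findings.append("listed as both invited and excluded: " + ", ".join(both))
    return findings

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(text) or "OK")
```
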

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

4
