CVE Identifier: CVE-2007-5506
Risk Level: High
CWE Identifier: CWE-399
Systems Affected: Oracle 8.1.7.4, 10g Release 2 and 1, Oracle 9
Vendor URL: http://www.oracle.com/
Reported Date: 23rd June 2006
Public Advisory Date: 17th October 2007
Advisory Number: #NISR17102007D

Vulnerability Description: When the Oracle RDBMS receives an invalid TNS data packet, CPU usage reaches 100%, leading to a Denial of Service condition.

Vulnerability Details: Under specific conditions, an unauthenticated client can trigger the DoS condition by sending a specially crafted packet.

Fix Information: A patch was released by Oracle in June 2006, available at http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html

Vulnerability Assessment Tool: NGSSquirrel for Oracle is recommended for assessing this vulnerability.