Short Name |
DB:ORACLE:INSECURE-TNS-LISTENER |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
DB |
Keywords |
Oracle Insecure TNS Listener Configuration |
Release Date |
2004/09/15 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects an Oracle Database instance where the listener security options have been disabled, enabling database access for any connection (including attackers). Servers triggering this signature should be reviewed by a qualified Oracle DBA for security concerns.
A denial of service vulnerability exists in Oracle 8i. An attacker connecting to the host and sending a malformed SQLNet (Type-1) connection request, could cause the host to stop responding.