Signature Detail

DB: Oracle Database TNS Listener Service Registration Lack of Authentication

This signature detects attempts to exploit a known flaw in the TNS Listener component of Oracle's database. A successful attack can lead to redirect legitimate database queries to a rogue server or to perform a man-in-the-middle attack to hijack established connections. As a result, the attacker could gain full access to the database with the privileges of the user whose connection was hijacked.

Extended Description

Oracle Database Server is prone to a remote vulnerability that allows attackers to poison the data handled by the remote 'TNS Listener' component of the application. An attacker can exploit this issue to divert data from a legitimate remote 'TNS Listener' component of database server to an attacker-specified system. Successful exploits will allow the attacker to manipulate database instances of the remote component, potentially facilitating man-in-the-middle, session-hijacking, or denial-of-service attacks between the component and a legitimate database server.

Affected Products

• Oracle oracle10g_enterprise_edition 10.2.0 .3
• Oracle oracle10g_enterprise_edition 10.2.0.4
• Oracle oracle10g_enterprise_edition 10.2.0 .5
• Oracle oracle10g_personal_edition 10.2.0 .3
• Oracle oracle10g_personal_edition 10.2.0.4
• Oracle oracle10g_personal_edition 10.2.0 .5
• Oracle oracle10g_standard_edition 10.2.0 .3
• Oracle oracle10g_standard_edition 10.2.0.4
• Oracle oracle10g_standard_edition 10.2.0 .5
• Oracle oracle11g_enterprise_edition 11.1.0.7
• Oracle oracle11g_enterprise_edition 11.2.0.2
• Oracle oracle11g_enterprise_edition 11.2.0.3
• Oracle oracle11g_standard_edition 11.1.0.7
• Oracle oracle11g_standard_edition 11.2.0.2.0
• Oracle oracle11g_standard_edition 11.2.0.3
• Suse manager_(for_sle_11_sp1) 1.2

References

• BugTraq: 53308
• CVE: CVE-2012-1675