Oracle Database Server 'TNS Listener' Remote Poisoning Vulnerability
BID:53308
Info
Oracle Database Server 'TNS Listener' Remote Poisoning Vulnerability
| Bugtraq ID: | 53308 |
| Class: | Design Error |
| CVE: |
CVE-2012-1675 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 30 2012 12:00AM |
| Updated: | Apr 17 2014 01:12AM |
| Credit: | Joxean Koret |
| Vulnerable: |
SuSE Manager (for SLE 11 SP1) 1.2 Oracle Oracle11g Standard Edition 11.1 .7 Oracle Oracle11g Standard Edition 11.2.0.3 Oracle Oracle11g Standard Edition 11.2.0.2.0 Oracle Oracle11g Enterprise Edition 11.2 2 Oracle Oracle11g Enterprise Edition 11.2.0.3 Oracle Oracle11g Enterprise Edition 11.1.0.7 Oracle Oracle10g Standard Edition 10.2 .5 Oracle Oracle10g Standard Edition 10.2 .3 Oracle Oracle10g Standard Edition 10.2.0.4 Oracle Oracle10g Personal Edition 10.2 .5 Oracle Oracle10g Personal Edition 10.2 .3 Oracle Oracle10g Personal Edition 10.2.0.4 Oracle Oracle10g Enterprise Edition 10.2 .5 Oracle Oracle10g Enterprise Edition 10.2 .3 Oracle Oracle10g Enterprise Edition 10.2.0.4 |
| Not Vulnerable: | |
Discussion
Oracle Database Server 'TNS Listener' Remote Poisoning Vulnerability
Oracle Database Server is prone to a remote vulnerability that allows attackers to poison the data handled by the remote 'TNS Listener' component of the application.
An attacker can exploit this issue to divert data from a legitimate remote 'TNS Listener' component of database server to an attacker-specified system.
Successful exploits will allow the attacker to manipulate database instances of the remote component, potentially facilitating man-in-the-middle, session-hijacking, or denial-of-service attacks between the component and a legitimate database server.
Oracle Database Server is prone to a remote vulnerability that allows attackers to poison the data handled by the remote 'TNS Listener' component of the application.
An attacker can exploit this issue to divert data from a legitimate remote 'TNS Listener' component of database server to an attacker-specified system.
Successful exploits will allow the attacker to manipulate database instances of the remote component, potentially facilitating man-in-the-middle, session-hijacking, or denial-of-service attacks between the component and a legitimate database server.
Exploit / POC
Oracle Database Server 'TNS Listener' Remote Poisoning Vulnerability
The researcher who discovered the issue has created a proof of concept; please see the references.
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The researcher who discovered the issue has created a proof of concept; please see the references.
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
Oracle Database Server 'TNS Listener' Remote Poisoning Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Oracle Database Server 'TNS Listener' Remote Poisoning Vulnerability
References:
References:
- Oracle Homepage (Oracle)
- Security Alert for CVE-2012-1675 Released (Oracle)
- The history of a -probably- 13 years old Oracle bug: TNS Poison (Joxean Koret)
- Oracle Security Alert for CVE-2012-1675 (Oracle)