Skip to main content

Oracle Database Remote Pre-authenticated TNS Poison Vulnerability

Last Update Date: 30 Apr 2012 12:18 Release Date: 30 Apr 2012 5898 Views

RISK: High Risk

TYPE: Servers - Database Servers

TYPE: Database Servers

A vulnerability has been identified in Oracle Database, which can be exploited by malicious people with network access to the TNS Listener to inject commands and/or hijack connections from the client to the database server.

 

Note: Currently, there is no patch available for this vulnerability and proof of concept exploit code is publicly available


Impact

  • Remote Code Execution

System / Technologies affected

  • Oracle Database version 8i to 11g R2

Solutions

  • NOTE: Currently, there is no patch available for this vulnerability.
  •  Workaround
    • Set the following parameter in the listener.ora configuration file
        dynamic_registration = off
    • For Oracle RAC environments, edit the file protocol.ora or, for older versions, sqlnet.ora, at the server side and add the following directives:
        TCP.VALIDNODE_CHECKING = YES
        TCP.INVITED_NODE = (Comma,separated,list,of,ALL,valid,clients, ...)
    • Enable and configure Oracle Advanced Security feature clients to use SSL/TLS. Thus, at both client and server side, the following parameters must be changed in protocol.ora or sqlnet.ora
        Client side: SQLNET.ENCRYPTION_CLIENT=REQUIRED
        Server side: SQLNET.ENCRYPTION_SERVER=REQUIRED

Vulnerability Identifier

  • No CVE information is available

Source


Related Link