Oracle addresses 0-day "TNS Poison"
Posted on 02 May 2012.
Update: Edited to reflect that Oracle has released a configuration workaround, not a patch.

This week Oracle released an out-of-band patch for the CVE-2012-1675 vulnerability in the Oracle Database Server V10 and V11, addressing a 0-day vulnerability that was recently published on the full-disclosure mailing list under the name "TNS Poison" by Joxean Koret.

Apparently Joxean discovered the vulnerability in 2008, then sold it to iSightPartners and was under the mistaken impression that the vulnerability was fixed in last month's CPU, when he released his advisory. More details can be found in a follow-up post on the ful-disclosure list and a video of the vulnerability being exploited can be seen here.

The vulnerability is in the TNS listener part of the Oracle database server and allows an attacker to perform a man-in-the-middle attack by registering an additional database instance in the TNS listener. The listener will then start load-balancing traffic to the new instance.

This allows the attacker to receive the database transactions, record them and forward them to the original database. The attacker can potentially modify the transactions and execute commands on the original database server.

While Oracle recommends installing the patch as soon as possible, we believe that the position of the Oracle databases that need to be patched in your network plays an important role in determining your patch roll-out.

Production Oracle database installations typically do not expose their TNS listener to the Internet or even the enterprise network. A good map of your network environment will be helpful in determining where to act first.


Author: Wolfgang Kandek, CTO, Qualys.





Spotlight

Whitepaper: Zero Trust approach to network security

Posted on 20 November 2014.  |  Zero Trust is an alternative security model that addresses the shortcomings of failing perimeter-centric strategies by removing the assumption of trust.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //