Vulnerability Note VU#359816
Oracle database TNS listener vulnerability
The Oracle database component contains a vulnerability in the TNS listener service that may be exploited to sniff database traffic and run arbitrary database commands.
The Oracle database component contains a vulnerability in the TNS listener service that has been referred to as (TNS Poison) in public discussions. The TNS listener service accepts unauthenticated remote registrations with the appropriate connect packet (COMMAND=SERVICE_REGISTER_NSGR). Joxean Koret's email to the Full Disclosure mailing list contains additional details. Oracle Security Alert for CVE-2012-1675 also contains more information.
An unauthenticated attacker may be able to register a client using an already registered database's instance name to perform a man-in-the-middle attack that allows the attack to sniff database traffic and inject database commands to the server.
We are currently unaware of a practical solution to this problem. Please consider the following workarounds provided by Oracle.
"To demonstrate how the COST parameter "SECURE_REGISTER_listener_name = (IPC)" is used to restrict instance registration with database listeners. With this COST restriction in place only local instances will be allowed to register. These instructions can be used to address the issues published in Oracle Security Alert CVE-2012-1675 by using COST to restrict connections to only local instances."
Using Class of Secure Transport (COST) to Restrict Instance Registration in Oracle RAC
Additional information may be found at the links above.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Oracle Corporation||Affected||-||01 May 2012|
CVSS Metrics (Learn More)
This vulnerability was discovered by Joxean Koret.
This document was written by Jared Allar.
- CVE IDs: CVE-2012-1675
- Date Public: 27 Apr 2012
- Date First Published: 01 May 2012
- Date Last Updated: 01 May 2012
- Document Revision: 15
If you have feedback, comments, or additional information about this vulnerability, please send us email.