The TNS Listener used in Oracle Databases may allow a remote attacker to inject arbitrary database commands via remote registration of a database instance or service name that already exists. This may allow the attacker to perform database commands that may give them access to sensitive information.
- Oracle Database 11g Release 2, versions 220.127.116.11, 18.104.22.168
- Oracle Database 11g Release 1, version 22.214.171.124
- Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
BeyondTrust Prevention and Detection:
Beyond Trust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
- 16300 - Oracle Database TNS Session Hijack - UNIX/Linux
- 16301 - Oracle Database TNS Session Hijack - Windows