BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist


Oracle Database TNS Session Hijack

Disclosed April 18, 2012    Fully Patched

Vulnerability Description:

The TNS Listener used in Oracle Database may allow a remote attacker to inject arbitrary database commands by remotely registering a database instance or service name that already exists. The attacker may then be able to run database commands that give them access to sensitive information.

Vendors:

Oracle

Vulnerable Software/Devices:

  • Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
  • Oracle Database 11g Release 1, version 11.1.0.7
  • Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5

Vulnerability Severity:

High

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 16300 - Oracle Database TNS Session Hijack - UNIX/Linux
  • 16301 - Oracle Database TNS Session Hijack - Windows

Mitigation:

Use Class of Secure Transports (COST) to restrict instance registration.
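
A check for the COST mitigation above, as an added example that is not BeyondTrust or Oracle code: it parses `listener.ora` text and reports each listener whose `SECURE_REGISTER_<listener_name>` parameter is missing or still accepts plain TCP. The sample file, host names and the `audit_cost` helper are constructed for illustration, and treating TCP as "weak" is this example's assumption about what counts as restricted.

```python
import re

# Constructed sample listener.ora (not from the advisory): LISTENER has no COST
# restriction, LISTENER_APP limits registration to local IPC, LISTENER_DR still
# lists plain TCP.
SAMPLE_LISTENER_ORA = """
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.internal)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))))

LISTENER_APP =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.internal)(PORT = 1522))
    (ADDRESS = (PROTOCOL = IPC)(KEY = REGAPP)))
SECURE_REGISTER_LISTENER_APP = (IPC)

LISTENER_DR =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.internal)(PORT = 1523)))
secure_register_listener_dr = (TCP, IPC)
"""

LISTENER_DEF = re.compile(r"^\s*(\w+)\s*=\s*\(\s*(?:DESCRIPTION|ADDRESS)", re.I | re.M)
# Assumption of this example: plain TCP does not limit who can register.
OPEN_TRANSPORTS = {"TCP"}


def audit_cost(listener_ora: str) -> dict:
    """Map each listener name to 'restricted', 'unrestricted' or 'weak'."""
    # Drop comments so a commented-out parameter is not counted as active.
    text = re.sub(r"#.*", "", listener_ora)
    results = {}
    for name in LISTENER_DEF.findall(text):
        param = re.search(
            rf"^\s*SECURE_REGISTER_{re.escape(name)}\s*=\s*\(([^)]*)\)", text, re.I | re.M)
        if param is None:
            results[name.upper()] = "unrestricted"  # no COST: any transport may register
            continue
        transports = {t.strip().upper() for t in param.group(1).split(",") if t.strip()}
        weak = not transports or transports & OPEN_TRANSPORTS
        results[name.upper()] = "weak" if weak else "restricted"
    return results


if __name__ == "__main__":
    for listener, state in audit_cost(SAMPLE_LISTENER_ORA).items():
        print(f"{listener}: {state}")
```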

Links:

CVE(s):

None
