Thursday, March 10, 2016

Oracle TNS Listener Poison Attack

Oracle TNS Poison Attack vulnerability, which was published as CVE 2012-1675 with CVSS score of 7.5, allows a malicious hacker to take complete control of the database server without authentication.

As explained in the article Oracle TNS Listener Poison Attack that I wrote for Information Security Buzz, the fix for this vulnerability depends upon the Oracle version that you are running. 

The default listener configuration in is vulnerable. You have to explicitly specify VALID_NODE_CHECKING_REGISTRATION_<listener_name> to LOCAL or ON or 1 in listener.ora to address this issue.

What makes this vulnerability still relevant is that there are many organizations still running and they haven’t addressed this vulnerability. As explained in this article, the fix is quite easy.