Hello all,

I was performing a pen test and found a version of Oracle TNS listener that reports being vulnerable to bid 2941. After contacting the client, the DBA told me that the patch crashed the apps on Oracle, so he implemented the Oracle workaround contained below. He now wants to know if that eliminates the vulnerability until he upgrades to a non-vulnerable version. The workaround says to password protect the listener but, from what I have read, one doesn't need to authenticate to exploit this vulnerability. Unfortunately, with little knowledge of Oracle and without proof of concept code, I don't know if this workaround is successful and if this vulnerability has been eliminated. Any suggestions?

(from Oracle)

Workaround
~~~~~~~~~~
You must apply the patch as soon as it is available for your platform.

However, an interim workaround until the patch is available for your platform is to password protect the listener.

Once the listener has been password protected the SET LOG_FILE and SET TRACE_FILE commands in lsnrctl will not work without a password.

For instructions on how to password protect the listener see the following:

[NOTE:92602.1] How to password protect your listener

In addition to setting the listener password you should also set up your permissions to limit who has access to the listener.ora file and the lsnrctl executable.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
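
A way to confirm on the database host that both parts of the quoted workaround are in place, as an added example that is not part of the original post or Oracle's note. It checks only that a listener password is configured and that listener.ora and lsnrctl are not open to other users; it does not test whether bid 2941 is still exploitable. The default listener name LISTENER, the rule that any "other" permission bit is too broad, and the sample files are assumptions constructed for the example.

```python
import os
import re
import stat
import tempfile


def audit_listener(listener_ora, lsnrctl, name="LISTENER"):
    """Return findings; an empty list means both workaround conditions hold."""
    findings = []
    with open(listener_ora, encoding="utf-8", errors="replace") as fh:
        # Strip comments so a commented-out PASSWORDS_ line does not count.
        text = "\n".join(line.split("#", 1)[0].rstrip() for line in fh)
    # PASSWORDS_<listener_name> is the listener.ora password parameter.
    pattern = r"^[ \t]*PASSWORDS_%s[ \t]*=[ \t]*\(?[ \t]*[^\s()]+" % re.escape(name)
    if not re.search(pattern, text, re.I | re.M):
        findings.append("no PASSWORDS_%s value: listener not password protected" % name)
    for path in (listener_ora, lsnrctl):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        # Assumption: any permission bit for "other" counts as too broad.
        if mode & stat.S_IRWXO:
            findings.append("%s open to other users (mode %o)" % (path, mode))
    return findings


def demo():
    """Audit constructed sample files: one weak setup, one hardened."""
    address = "LISTENER = (ADDRESS=(PROTOCOL=TCP)(HOST=db.example)(PORT=1521))\n"
    cases = {
        "weak": ("# PASSWORDS_LISTENER = (disabled)\n" + address, 0o644, 0o755),
        "hardened": (address + "PASSWORDS_LISTENER = (constructed-value)\n", 0o640, 0o750),
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        ora, exe = os.path.join(d, "listener.ora"), os.path.join(d, "lsnrctl")
        open(exe, "w").close()
        for label, (body, ora_mode, exe_mode) in cases.items():
            with open(ora, "w") as fh:
                fh.write(body)
            os.chmod(ora, ora_mode)
            os.chmod(exe, exe_mode)
            results[label] = audit_listener(ora, exe)
    return results


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings or "workaround conditions hold")
```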