| VID |
25001 |
| Severity |
40 |
| Port |
1521 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
The host is running the Oracle tnslsnr. The TNS listener (aka tnslsnr) is the network interface between a database client and the database server. tnslsnr listens on port 1521/tcp, but the DBA can change this. The remote Oracle tnslsnr has no password assigned.
The default installation for the Oracle listener program accepts remote commands from remote listener controllers. If configured properly, a password is required to authenticate a user before issuing a listener command. If a password has not been set, an attacker can remotely execute at least three commands that are useful for information gathering, version, status and services, and may use this fact to shut the listener down arbitrarily. The 'version' command reveals the version of Oracle. Another command, the 'status' command is including START_DATE, UPTIME fields and the path to LOGFILE and PRMFILE. This can give you a good idea of the filesystem layout. The 'services' command outputs still more information: PROGRAM, ENVS, and ARGV0 are potentially interesting. If the tnslsnr was started out of an interactive shell, ENVS will contain the user's environment. |
| Recommendation |
Configure the listener password as the following processes:
1. Run 'lsnrctl' command, and get the LISTENER prompt mode.
2. Type 'change_password', and change the password of the LISTENER. This command allows you to dynamically change the password of a listener.
3. Type 'set password', and enter the password set by 2. This command changes the password sent from the LSNRCTL utility to the listener process for authentication purposes only.
4. Type 'save_config'. This command creates a backup of your listener configuration file (called LISTENER.BAK) and updates the actual configuration file (LISTENER.ORA) itself to reflect any changes.
5. Type 'exit' to exit the prompts. |
| Related URL |
CVE-2000-0818 (CVE) |
| Related URL |
1853 (SecurityFocus) |
| Related URL |
5380 (ISS) |
|
