| VID |
25002 |
| Severity |
30 |
| Port |
1521 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
The host is running the Oracle tnslsnr. The TNS listener (aka tnslsnr) is the network interface between a database client and the database server. tnslsnr listens on port 1521/tcp, but the DBA can change this. The listener programs in Oracle releases 7.3.4, 8.0.6, and 8.1.6 on all platforms could allow a remote attacker to gain access to the Oracle owner operating system account and the Oracle database, and to execute arbirary commands.
The default installation for the Oracle listener program accepts remote commands from remote listener controllers. If configured properly, a password is required to authenticate a user before issuing a listener command. If a password has not been set, the Oracle listener program can be configured to append log information to a file. Due to a problem with the SET TRC_FILE and SET LOG_FILE commands, these values can be changed to any file name. This allows an attacker to write arbitrary data to anywhere the tnslsnr has write permissions (e.g., .rhosts, .forward). Affected versions also are subject to denial-of-service attacks which can shutdown or crash the listener. |
| Recommendation |
1. Configure the listener password as the following processes:
a) Run 'lsnrctl' command, and get the LISTENER prompt mode.
b) Type 'change_password', and change the password of the LISTENER. This command allows you to dynamically change the password of a listener.
c) Type 'set password', and enter the password set by b). This command changes the password sent from the LSNRCTL utility to the listener process for authentication purposes only.
d) Type 'save_config'. This command creates a backup of your listener configuration file (called LISTENER.BAK) and updates the actual configuration file (LISTENER.ORA) itself to reflect any changes.
e) Type 'exit' to exit the prompts.
2. Apply the appropriate patch for your system, available from Oracle MetaLink (http://metalink.oracle.com/). Reference generic bug number 1361722 filed against the listener program. You also find a security alert for this issue on the Oracle Technology Network at the following URL:
http://otn.oracle.com/deploy/security/alerts.htm
http://otn.oracle.com/deploy/security/pdf/listener_alert.pdf |
| Related URL |
CVE-2002-1118 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
