Oracle TNS Listener Checker

Published: 31 Aug 2024 00:00:00
Reported by: Jay Turla, metasploit.com
Type: packetstorm
Source: packetstormsecurity.com
Views: 549

Check Oracle TNS Listener for TNS Poison vulnerability

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| Circl | CVE-2012-1675 | 29 May 2018 15:50 | circl |
| Check Point Advisories | Oracle Database TNS Listener Service Registration Authentication Weakness (CVE-2012-1675) | 2 Jul 2012 00:00 | checkpoint_advisories |
| CVE | CVE-2012-1675 | 8 May 2012 22:00 | cve |
| Cvelist | CVE-2012-1675 | 8 May 2012 22:00 | cvelist |
| Kitploit | Jok3R - Network And Web Pentest Framework | 23 Jan 2019 12:25 | kitploit |
| Metasploit | Oracle TNS Listener Checker | 13 Oct 2014 08:21 | metasploit |
| n0where | Oracle Database Attacking Tool: ODAT | 23 Feb 2018 08:08 | n0where |
| NVD | CVE-2012-1675 | 8 May 2012 22:55 | nvd |
| Oracle | Oracle Critical Patch Update - July 2012 | 17 Jul 2012 00:00 | oracle |

Code
```ruby
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner
  include Msf::Exploit::Remote::TNS

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Oracle TNS Listener Checker',
      'Description' => %q{
        This module checks the server for vulnerabilities like TNS Poison.
        Module sends a server a packet with command to register new TNS Listener and checks
        for a response indicating an error. If the registration is errored, the target is not
        vulnerable. Otherwise, the target is vulnerable to malicious registrations.
      },
      'Author' => ['ir0njaw (Nikita Kelesis) <nikita.elkey[at]gmail.com>'], # of Digital Security [http://dsec.ru]
      'References' =>
        [
          [ 'CVE', '2012-1675'],
          [ 'URL', 'https://seclists.org/fulldisclosure/2012/Apr/204' ],
        ],
      'DisclosureDate' => '2012-04-18',
      'License' => MSF_LICENSE))

    register_options(
      [
        Opt::RPORT(1521)
      ])
  end

  def run_host(ip)
    begin
      connect
      send_packet = tns_packet("(CONNECT_DATA=(COMMAND=service_register_NSGR))")
      sock.put(send_packet)
      packet = sock.read(100)
      if packet
        # to_hex prefixes every byte with ':', so split_hex[0] is an empty string
        # and split_hex[5] is the byte at offset 4: the TNS packet type field.
        hex_packet = Rex::Text.to_hex(packet, ':')
        split_hex = hex_packet.split(':')
        find_packet = /\(ERROR_STACK=\(ERROR=/ === packet
        if find_packet == true # TNS Packet returned ERROR
          print_error("#{ip}:#{rport} is not vulnerable")
        elsif split_hex[5] == '02' # TNS Packet Type: ACCEPT
          print_good("#{ip}:#{rport} is vulnerable")
        elsif split_hex[5] == '04' # TNS Packet Type: REFUSE
          print_error("#{ip}:#{rport} is not vulnerable")
        else # All other TNS packet types or non-TNS packet type response cannot guarantee vulnerability
          print_error("#{ip}:#{rport} might not be vulnerable")
        end
      else
        print_error("#{ip}:#{rport} is not vulnerable")
      end
      # TODO: Module should report_vuln if this finding is solid.
    rescue ::Rex::ConnectionError, ::Errno::EPIPE
      print_error("#{ip}:#{rport} unable to connect to the server")
    end
  end
end
```
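For reviewing the verdict logic without touching a listener, the following added example (not part of the Metasploit module) parses the 8-byte TNS header of a saved reply and applies the same decision order. The helper names and all sample replies are constructed for illustration.

```ruby
# Added example: offline triage of a saved TNS listener reply. No network I/O.
# Type codes 2 (ACCEPT) and 4 (REFUSE) come from the module above; the other
# names are standard TNS packet types, listed only for readable output.
TNS_TYPES = { 1 => :connect, 2 => :accept, 4 => :refuse,
              5 => :redirect, 6 => :data, 11 => :resend }.freeze

# 8-byte TNS header: length (u16 BE), packet checksum (u16), type (u8),
# flags (u8), header checksum (u16).
def parse_tns_header(raw)
  return nil if raw.nil? || raw.bytesize < 8

  length, _pkt_sum, type, flags, _hdr_sum = raw.unpack('nnCCn')
  { length: length, type: type, flags: flags,
    name: TNS_TYPES.fetch(type, :unknown),
    truncated: raw.bytesize < length } # e.g. capture cut at 100 bytes
end

# Same decision order as the module: error stack, then ACCEPT, then REFUSE.
# Stricter in one respect: a reply too short to hold a header is inconclusive.
def classify_reply(raw)
  return :not_vulnerable if raw.nil?                 # nothing was read
  return :not_vulnerable if raw.b.include?('(ERROR_STACK=(ERROR=')

  hdr = parse_tns_header(raw)
  return :inconclusive if hdr.nil?

  case hdr[:name]
  when :accept then :vulnerable       # registration command was accepted
  when :refuse then :not_vulnerable
  else :inconclusive                  # module prints "might not be vulnerable"
  end
end

# Constructed sample replies (not captured from a real listener).
def build_sample(type, payload)
  [8 + payload.bytesize, 0, type, 0, 0].pack('nnCCn') + payload.b
end

SAMPLES = {
  accept: build_sample(2, "\x01\x3a\x00\x00"),
  refuse: build_sample(4, '(DESCRIPTION=(ERROR_STACK=(ERROR=(CODE=0))))'),
  bare_refuse: build_sample(4, ''),
  resend: build_sample(11, ''),
  short: "\x00\x08\x00"
}.freeze

SAMPLES.each { |name, raw| puts "#{name}: #{classify_reply(raw)}" }
```

The `truncated` flag matters because the module reads at most 100 bytes, so an error stack that falls beyond that point is never seen and the verdict then rests on the type byte alone.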


31 Aug 2024 00:00 (Current)
Vulners AI Score: 7.1 (High risk)
CVSS 2: 7.5
EPSS: 0.91411