6 matches found
Oracle TNS Listener Checker
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle TNS Listener Checker', 'Description' = %q This module checks the server for vulnerabilities like TNS Poison. Module sends a server a packe...
Design/Logic Flaw
The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by...
Oracle Database new zero day exploit put users at risk
Oracle Database new zero day exploit put users at risk Oracle has recommended workarounds for a zero-day Oracle Database flaw that was not fixed in the company's April critical patch update. Oracle issued a security alert for Oracle TNS Poison, the vulnerability, disclosed by researcher Joxean...
Oracle TNS Poison vulnerability is actually a 0day with no patch available
Hi all, Short history: The remote pre-authenticated vulnerability with CVSS2 10 I published some days ago 1, the vulnerability I called Oracle TNS Poison reported to vendor in 2008, is a 0day affecting all database versions from 8i to 11g R2. There is no patch at all for this vulnerability and...
Re: The history of a -probably- 13 years old Oracle bug: TNS Poison
I wanted to comment on the workarounds for this problem: 1 Setting SQLNET.ENCRYPTIONSERVER=REQUIRED on the server is not enough to protect you. To avoid "man in the middle" attacks, you need to have an SSL certificate on the server and SSLSERVERDNMATCH=TRUE in the client's sqlnet.ora. 2 Another w...
The history of a -probably- 13 years old Oracle bug: TNS Poison
tl;dr - Patch your database ASAP with Oracle Critical Patch Update April 2012. Introduction ------------ The following advisory explains a vulnerability I found in 2008 in all versions of Oracle Database server until very recently. The bug is probably available in any Oracle Database version sinc...