('binary' encoding is not supported, stored as-is) Hello all, I was performing a pen test and found a version of Oracle TNS listener that reports being vulnerable to bid 2941. After contacting the client, the DBA told me that the patch crashed the apps on Oracle so, he implemented the Oracle workaround contained below. He now wants to know if that elminates the vulnerability until he upgrades to a non-vulnerable version. The workaround says to password protect the listener but, from what I have read, one doesn't need to authenticate to exploit this vulnerability. Unfortunately, with little knowledge of Oracle and without proof of concept code, I don't know if this workaround is successful and if this vulnerability has been eliminated. Any suggestions? (from Oracle) Workaround ~~~~~~~~~~ You must apply the patch as soon as it is available for your platform. However, an interim workaround until the patch is available for your platform is to password protect the listener. Once the listener has been password protected the SET LOG_FILE and SET TRACE_FILE commands in lsnrctl will not work without a password. For instructions on how to password protect the listener see the following: [NOTE:92602.1] How to password protect your listener In addition to setting the listener password you should also set up your permissions to limit who can has access to the listener.ora file and the lsnrctl executable. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Jan 11 2002 - 11:42:12 PST