FACULTAD DE ESTUDIOS SUPERIORES ACATLÁN
DATABASE ADMINISTRATION
PROFESSOR: Rosas Hernández Javier
READING:
Vulnerability in Oracle Database Server 'TNS Listener' Could Allow for Session-Hijacking
Salgado Mendoza Jorge
GROUP: 2854
DATE: 23/05/2012
MS-ISAC ADVISORY NUMBER:
2012-025
DATE(S) ISSUED:
5/01/2012
SUBJECT: Vulnerability in Oracle Database Server 'TNS Listener' Could Allow for Session-Hijacking
OVERVIEW:
A vulnerability has been discovered in the Oracle database server's 'TNS Listener' service, which could allow for multiple remote attacks against an Oracle database. This vulnerability may be remotely exploitable without authentication. Oracle database is an enterprise database server available for multiple operating systems. 'TNS Listener' is a component that routes connections from the client to the database server based on a naming convention (instance name).
Successful exploitation of this vulnerability could result in an attacker altering the naming convention and routing the database information to the attacker's system.
SYSTEMS AFFECTED:
* Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
* Oracle Database 11g Release 1, version 11.1.0.7
* Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
RISK:
Government:
* Large and medium government entities: High
* Small government entities: High
Businesses:
* Large and medium business entities: High
* Small business entities: High
Home users: Low
DESCRIPTION:
A vulnerability has been discovered in the Oracle database server's 'TNS Listener' service. 'TNS Listener' is a component that routes connections from the client to the database server based on a naming convention (instance name). An attacker could exploit this vulnerability by sending a malicious request to the TNS Listener service and poisoning the data handled by 'TNS Listener'.
It should be noted that this...