Oracle Database TNS Listener Service Registration Authentication Weakness (CVE-2012-1675)
|Check Point Reference:||CPAI-2012-287|
|Protection Provided by:||
Who is Vulnerable?
Oracle Database 10g Release 2 10.2.0.3
Oracle Database 10g Release 2 10.2.0.4
Oracle Database 10g Release 2 10.2.0.5
Oracle Database 11g Release 1 220.127.116.11
Oracle Database 11g Release 2 18.104.22.168
Oracle Database 11g Release 2 22.214.171.124
An authentication weakness vulnerability has been reported in Oracle Database's TNS listener component.
The vulnerability is due to a lack of authentication of database server instances registrations. A remote attacker can exploit this vulnerability by registering a malicious database instance. By doing so, the attacker would be able to divert traffic of legitimate clients to the attacker's server. Successful exploitation could allow the attacker to cause a denial of service condition, eavesdrop on connections, or hijack the diverted connections to access the database server with the security privileges of the user whose connection was hijacked.
This protection will detect and block the transferring of a malicious message to the target host.
In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
Security Gateway R75 / R71 / R70
How Can I Protect My Network?
- In the IPS tab, click Protections and find the Oracle Database TNS Listener Service Registration Authentication Weakness protection using the Search tool and Edit the protection's settings.
- Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Oracle Protection Violation
Attack Information: Oracle Database TNS Listener Service Registration Authentication Weakness