Oracle Database TNS Listener Service Registration Authentication Weakness (CVE-2012-1675)
| Check Point Reference: | CPAI-2012-287 | |
| Date Published: | ||
| Severity: | ||
| Source: | Oracle Advisory | |
| Industry Reference(s): | CVE-2012-1675 | |
| Protection Provided by: |
Security Gateway
|
|
|
Who is Vulnerable? Oracle Database 10g Release 2 10.2.0.3 Oracle Database 10g Release 2 10.2.0.4 Oracle Database 10g Release 2 10.2.0.5 Oracle Database 11g Release 1 11.1.0.7 Oracle Database 11g Release 2 11.2.0.2 Oracle Database 11g Release 2 11.2.0.3 |
||
| Vulnerability Description An authentication weakness vulnerability has been reported in Oracle Database's TNS listener component. |
||
|
Vulnerability Details The vulnerability is due to a lack of authentication of database server instances registrations. A remote attacker can exploit this vulnerability by registering a malicious database instance. By doing so, the attacker would be able to divert traffic of legitimate clients to the attacker's server. Successful exploitation could allow the attacker to cause a denial of service condition, eavesdrop on connections, or hijack the diverted connections to access the database server with the security privileges of the user whose connection was hijacked. |
Protection Overview
This protection will detect and block the transferring of a malicious message to the target host.
In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.