Learn more on how to stay protected from the latest Ransomware Pandemic
Check Point Advisories

Oracle Database TNS Listener Service Registration Authentication Weakness (CVE-2012-1675)

Check Point Reference: CPAI-2012-287
Date Published: 2 Jul 2012
Severity: Critical
Last Updated:
Source: CVE-2012-1675
Protection Provided by:

Security Gateway
R75

Who is Vulnerable? Oracle Database 10g Release 2 10.2.0.3
Oracle Database 10g Release 2 10.2.0.4
Oracle Database 10g Release 2 10.2.0.5
Oracle Database 11g Release 1 11.1.0.7
Oracle Database 11g Release 2 11.2.0.2
Oracle Database 11g Release 2 11.2.0.3
Vulnerability Description An authentication weakness vulnerability has been reported in Oracle Database's TNS listener component.
Vulnerability DetailsThe vulnerability is due to a lack of authentication of database server instances registrations. A remote attacker can exploit this vulnerability by registering a malicious database instance. By doing so, the attacker would be able to divert traffic of legitimate clients to the attacker's server. Successful exploitation could allow the attacker to cause a denial of service condition, eavesdrop on connections, or hijack the diverted connections to access the database server with the security privileges of the user whose connection was hijacked.

Protection Overview

This protection will detect and block the transferring of a malicious message to the target host.

In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.

Security Gateway R75 / R71 / R70

  1. In the IPS tab, click Protections and find the Oracle Database TNS Listener Service Registration Authentication Weakness protection using the Search tool and Edit the protection's settings.
  2. Install policy on all modules.

SmartView Tracker will log the following entries:
Attack Name: Oracle Protection Violation
Attack Information: Oracle Database TNS Listener Service Registration Authentication Weakness

×
  Feedback
This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO