Tags

The history of a -probably- 13 years old Oracle bug: TNS Poison

The following advisory explains a vulnerability I found in 2008 in all
versions of Oracle Database server until very recently. The bug is
probably available in any Oracle Database version since 1999 (Oracle 8i)
to the latest one (Oracle 11g) without the CPU-APR-2012. The bug was
reported to Oracle in 2008 so it “only” took them 4 years to fix the
vulnerability since reported.

The vulnerability I called TNS Poison affects the component called TNS
Listener, which is the responsible of connections establishment. To
exploit the vulnerability no privilege is needed, just network access to
the TNS Listener. The “feature” exploited is enabled by default in all
Oracle versions starting with Oracle 8i and ending with Oracle 11g
(without CPU-APR-2012).


More on:
http://seclists.org/fulldisclosure/2012/Apr/204

Advertisements