|
| TC: | 12070 | |
| Description: | TNSListener is a component of the Oracle database, distributed by Oracle Corp. TNS Listener is installed by default during installation on the TCP port 1521. This component handles any client request which on receipt is then passed off to an instance of the database. If this service remains accessible for inbound connections and is not secured with oracle best practices it is then possible for an attacker to perform remote arbitrary commands. | |
| TC Impact: | Gather Info | |
| Service: | Oracle TNSListener |
| Vulnerability Publication: | April 02,2003 | |
| Advisory Copyright: | N.A. | |
| Summary: | A flaw exists on your network that could allow an attacker to perform commands without authorization. | |
| Risk: | Low | |
| CVSS 2.0 metrics: | Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: None | |
| CVSS 2.0 Base Score: | 0.0 |
| Vulnerability Impact: |
Attack |
|---|
| Host Impact: | Remote command execution allowing attacker to disclose sensitive information, to perform further attacks, or to stop or modify the service. | |
| Nature of Remediation: | Change the configuration. |
| Step required to fix the reported vulnerability: | |
***** Solution type: Update Configuration ***** Users are strongly advised to restrict access to TNS Listener port (TCP 1521). |
| References: |
| |
| * MISC: Product Home Page: http://www.oracle.com/ |
| CVE Link: |
CVE-1999-0652 |
 |
|---|
| Glossary: |
Arbitrary Command Execution |
|---|