SecureScoutLogo.jpg
Oracle TNS Listener No Password Vulnerability



Go to Vulnerabilities List

General Info

TC: 12071
Description: TNSListener is a component of the Oracle database, distributed by Oracle Corp. TNS Listener is installed by default during installation on the TCP port 1521 and by default comes with no password.
This component handles any client request which on receipt is then passed off to an instance of the database.
TC Impact: Gather Info
Service: Oracle TNSListener


Specific Operations and Actions:

Vulnerability Publication: April 2, 2003
Advisory Copyright: N.A.
Summary: A flaw exists on your network that could allow an attacker to perform commands without authorization.
Risk: High
CVSS 2.0 metrics: Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
CVSS 2.0 Base Score: 7.5
Vulnerability Impact: Attack
Host Impact: Remote command execution allowing attacker either to disclose sensitive information to perform further attacks, either to stop or modify the service.
Nature of Remediation: Change the configuration.
Step required to fix the reported vulnerability:

***** Solution type: Update Configuration *****

Users are strongly advised to restrict access to TNS Listener port (TCP 1521).
Also you should immediately set a password to the service using the lsnrctl tool as your Oracle user ID:
$ lsnrctl
LSNRCTL> change_password
Old password: <press enter here>
New password: <enter new password>
Reenter new password: <reenter password
LSNRCTL> save_config

Note: If you are using Oracle version 9i or if you are not logged into the operating system with a privileged account for Oracle 10g then you may receive an error when attempting to save the configuration because it may require a password when stopping the listener. See references for further details.


Glossary and References :

References:
* MISC:
http://www.orafaq.com/node/567
* MISC: Product Home Page:
http://www.oracle.com/

CVE Link: GENERIC-MAP-NOMATCH
 CVE Compatible

Glossary: Remote Command Execution

© 2003-2010 NexantiS Corporation (www.securescout.com)
SecureScout is a trademark of NexantiS
All Rights Reserved
All products names referenced herein are trademarks of their respective companies

SecureScout products are certified:
CVE Compatible
SANS TOP 20 Compatible
CVSS Compatible (Common Vulnerability Scoring System)