tailieunhanh - Oracle Database TNS Listener Poison Attack

Copyright Joxean Koret 2008

Contents

- Introduction
- Vulnerability Details
- All your listeners are belong to us
  - Routing client connections
  - Sniffing connections
  - Injecting arbitrary commands (Session hijack)
- Exploiting the vulnerability
  - Sniffing connections and forwarding client requests
  - Exploit notes
  - TNS poison exploit: Step by step guide
- Detection
  - Information at the RDBMS Server side
  - TNS Listener's log file
- Possible Workarounds
- References
- Contact

Introduction

The following document explains a vulnerability found in all versions of Oracle Database server from 1999 (Oracle 8i) to the latest version (Oracle 11g, fully patched). The vulnerability, called TNS Poison, affects the component called TNS Listener, which is responsible for establishing connections. No privilege is needed to exploit the vulnerability, just network access to the TNS Listener. The feature exploited is enabled by default in all Oracle versions, starting with Oracle 8i and ending with Oracle 11g.
