Check Point Advisories

Oracle Database TNS Listener Service Registration Authentication Weakness (CVE-2012-1675)

Vulnerability
Protection

Check Point Reference:	CPAI-2012-287
Date Published:	2 Jul 2012
Severity:	Critical
Last Updated:	Thursday 21 November, 2024
Source:	CVE-2012-1675
Protection Provided by:	Security Gateway R75
Who is Vulnerable?	Oracle Database 10g Release 2 10.2.0.3 Oracle Database 10g Release 2 10.2.0.4 Oracle Database 10g Release 2 10.2.0.5 Oracle Database 11g Release 1 11.1.0.7 Oracle Database 11g Release 2 11.2.0.2 Oracle Database 11g Release 2 11.2.0.3
Vulnerability Description	An authentication weakness vulnerability has been reported in Oracle Database's TNS listener component.
Vulnerability Details	The vulnerability is due to a lack of authentication of database server instances registrations. A remote attacker can exploit this vulnerability by registering a malicious database instance. By doing so, the attacker would be able to divert traffic of legitimate clients to the attacker's server. Successful exploitation could allow the attacker to cause a denial of service condition, eavesdrop on connections, or hijack the diverted connections to access the database server with the security privileges of the user whose connection was hijacked.

Protection Overview

This protection will detect and block the transferring of a malicious message to the target host.

In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.

Security Gateway R75 / R71 / R70

In the IPS tab, click Protections and find the Oracle Database TNS Listener Service Registration Authentication Weakness protection using the Search tool and Edit the protection's settings.
Install policy on all modules.

SmartView Tracker will log the following entries:
Attack Name: Oracle Protection Violation
Attack Information: Oracle Database TNS Listener Service Registration Authentication Weakness