Check Point Advisories

Oracle Database TNS Listener Service Registration Authentication Weakness (CVE-2012-1675)

Vulnerability
Protection

Check Point Reference:	CPAI-2012-287
Date Published:	2 Jul 2012
Severity:	Critical
Last Updated:	Monday 02 July, 2012
Source:
Industry Reference:	CVE-2012-1675
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description	An authentication weakness vulnerability has been reported in Oracle Database's TNS listener component. The vulnerability is due to a lack of authentication of database server instances registrations. A remote attacker can exploit this vulnerability by registering a malicious database instance. By doing so, the attacker would be able to divert traffic of legitimate clients to the attacker's server. Successful exploitation could allow the attacker to cause a denial of service condition, eavesdrop on connections, or hijack the diverted connections to access the database server with the security privileges of the user whose connection was hijacked.

Protection Overview

This protection will detect and block the transferring of a malicious message to the target host.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

In the IPS tab, click Protections and find the Oracle Database TNS Listener Service Registration Authentication Weakness protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Oracle Protection Violation.
Attack Information: Oracle database TNS listener service registration authentication weakness