Instructions on how to exploit an unpatched Oracle Database Server vulnerability in order to intercept the information exchanged between clients and databases were published by a security researcher who erroneously thought that the company had patched the flaw.

Oracle's April 2012 Critical Patch Update (CPU) advisory, published on April 17, credited security researcher Joxean Koret for a vulnerability he reported through cyber intelligence firm iSight Partners.

In an email sent to the Full Disclosure mailing list on April 18, Koret revealed that the vulnerability is located in the Oracle TNS Listener, a component that routes connections from clients to Oracle database servers depending on which database they are trying to reach.

TNS Listener has a default feature, introduced in 1999, that allows clients to register a database service or database instance remotely without authentication, Koret said.

The client sends a remote registration request to the TNS Listener and defines a new service name, its IP address, the database instances under it, and other settings. The TNS Listener then starts routing all client requests that include that service name or database instance.

However, TNS Listener also allows the remote registration of a database instance or service name that is already registered, Koret said. "The TNS listener will consider this newer registered instance name a cluster instance (Oracle RAC, Real Application Clusters) or a fail over instance (Oracle Fail over)," he said.

In this case, the TNS Listener performs load balancing between the two instances by sending the first client to the most recently registered one and the second client to the original one. This allows a local attacker to route between 50 and 75 percent of clients to a database server that he controls, Koret said.

The attacker can then use the TNS Listener on the server he controls to route the client requests back to the legitimate database instance, effectively establishing a TNS proxy that allows him to intercept all data exchanged between clients and the targeted database.

However, this is not the only attack scenario that this vulnerability allows. By being in a man-in-the-middle situation, the attacker can also inject rogue commands in the SQL queries sent by clients or completely hijack their sessions to execute arbitrary queries, Koret said.

The researcher mentioned that he didn't test whether Oracle's patch for this vulnerability, which he believed to be included in the April 2012 CPU, actually addressed all attack vectors.

However, after a few follow-up emails with Oracle, he realized that the company hadn't actually patched the flaw for currently supported versions of the database server, but instead addressed it in a yet-to-be-released version.
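
Because the issue described above is that the listener accepts remote registration without authentication by default, a defender can audit `listener.ora` for listeners that leave registration unrestricted. The following is an added example, not code from the article, Koret, or Oracle. It assumes the `DYNAMIC_REGISTRATION_<listener>` and `SECURE_REGISTER_<listener>` parameters from Oracle Net documentation (the article does not mention them), and the sample file and host names are constructed.

```python
import re

# Constructed listener.ora (not from the article): two TCP listeners, one restricted.
SAMPLE = """\
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.internal)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))))
SID_LIST_LISTENER =
  (SID_LIST = (SID_DESC = (SID_NAME = ORCL)))
LISTENER_APP =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.internal)(PORT = 1522)))
SECURE_REGISTER_LISTENER_APP = (IPC)   # registration over local IPC only
"""

def top_level_params(text):
    """Map each NAME = value assignment found at parenthesis depth 0."""
    text = re.sub(r"#.*", "", text)                  # drop comments
    depth, depth_at = 0, []
    for ch in text:
        depth_at.append(depth)                       # depth before this char
        depth += (ch == "(") - (ch == ")")
    hits = [m for m in re.finditer(r"([A-Za-z_]\w*)\s*=", text)
            if depth_at[m.start()] == 0]
    params = {}
    for m, nxt in zip(hits, hits[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        value = "".join(text[m.end():end].split())   # strip all whitespace
        params[m.group(1).upper()] = value.upper()
    return params

def unrestricted_listeners(text):
    """Names of TCP listeners that accept registration with no restriction."""
    params = top_level_params(text)
    flagged = []
    for name, value in params.items():
        if "(ADDRESS" not in value or "(PROTOCOL=TCP)" not in value:
            continue                                 # not a network listener
        if params.get("DYNAMIC_REGISTRATION_" + name) == "OFF":
            continue                                 # dynamic registration disabled
        transports = params.get("SECURE_REGISTER_" + name, "").strip("()").split(",")
        if transports != [""] and "TCP" not in transports:
            continue                                 # only IPC/TCPS may register
        flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(unrestricted_listeners(SAMPLE))
```

A listener is reported only when it has a plain TCP endpoint and neither parameter limits who may register with it.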