CVE-2012-1675 - Assisted Backs

Description

The TNS Listener as used in Oracle Database 11g 11.1.0.7 11.2.0.2 and 11.2.0.3 and 10g 10.2.0.3 10.2.0.4 and 10.2.0.5 as used in Oracle Fusion Middleware Enterprise Manager E-Business Suite and possibly other products allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists then conducting a man-in-the-middle (MITM) attack to hijack database connections aka \TNS Poison.\

Reference

https://blogs.oracle.com/security/entry/security_alert_for_cve_2012 http://seclists.org/fulldisclosure/2012/Apr/204 http://www.kb.cert.org/vuls/id/359816 http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html http://www.securityfocus.com/bid/53308 http://seclists.org/fulldisclosure/2012/Apr/343 http://www.securitytracker.com/id?1027000 http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00018.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 https://exchange.xforce.ibmcloud.com/vulnerabilities/75303

Exploit

CVE-2012-1675

Oracle Database TNS Listener Poison Attack Vulnerability

nmap -Pn -sT –script=+oracle-tns-poison -p 1521 192.168.2.18

https://www.integrigy.com/files/Integrigy%20Oracle%20TNS%20Poisoning%20Attacks.pdf