TNS Listener Poison Attack - CVE-2012-1675

Similar Messages

• Listener Poison Attack (CVE-2012-1675).

  I want to fix Listener Poison Attack for non RAC system, but I can't open the url https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1453883.1
  Can someone get the note for me ? Thanks!

  Hi there,
  You posted this in the Application Express forum. At first glance, it looks like this issue is with the database listener - nothing directly to do with Application Express, really.
  Joel

• TNS Listener Poison attack : Oracle Security Alert for CVE-2012-1675

  Hi,
  I'm looking to implement the following oracle document about COST but not sure what we need to do for Standby Environment ,
  Can you guys please advise.
  Oracle Using Class of Secure Transport (COST) to Restrict Instance Registration [ID 1453883.1]
  Oracle Security Alert for CVE-2012-1675
  Thanks

  user097815 wrote:
  with regrads to the below thread which mostly talks about Oracle Security Alert for CVE-2012-1675 "TNS Listener Poison Attack"....i just wanted to find out if this effect DB that are externally or internally....meaning 95% of our DB are in network(internally) behind our firewall....and rest of the 5% are outside our firewall facing the world wide web....so does this apply to both of just one ?The attack is on the Listener itself - so if you want to prevent this attack, you need to secure that Listener, irrespective of its location.
  IMO, mandatory if you expose your Listener to an unsecured or public network (e.g. internet).
  As for Listeners running on your internal network - if this attack is used, securing your Listeners mean very little IMO. Because your internal network already needs to be compromised in order for the attack to occur. Which means you have far more serious problems then someone attacking your Listeners.

• TNS Listener Poison Attack...externally or internally ?

  Hello all,
  with regrads to the below thread which mostly talks about Oracle Security Alert for CVE-2012-1675 "TNS Listener Poison Attack"....i just wanted to find out if this effect DB that are externally or internally....meaning 95% of our DB are in network(internally) behind our firewall....and rest of the 5% are outside our firewall facing the world wide web....so does this apply to both of just one ?
  Oracle TNS Poison vulnerability

  user097815 wrote:
  with regrads to the below thread which mostly talks about Oracle Security Alert for CVE-2012-1675 "TNS Listener Poison Attack"....i just wanted to find out if this effect DB that are externally or internally....meaning 95% of our DB are in network(internally) behind our firewall....and rest of the 5% are outside our firewall facing the world wide web....so does this apply to both of just one ?The attack is on the Listener itself - so if you want to prevent this attack, you need to secure that Listener, irrespective of its location.
  IMO, mandatory if you expose your Listener to an unsecured or public network (e.g. internet).
  As for Listeners running on your internal network - if this attack is used, securing your Listeners mean very little IMO. Because your internal network already needs to be compromised in order for the attack to occur. Which means you have far more serious problems then someone attacking your Listeners.

• TNS Listener Poison attack

  Hi Gurus,
  Recently i came across an alert from Oracle, which talks about TNS Listener Poison attack in Oracle database environment, which i do not understand how can someone attack the listener and get access to the database. is it possible to provide a scenario as an example.
  Thanks in advance.

  TNS Listener Poison Attack
  The Oracle database server has a separate network connection process that usually operates on TCP port 1521. The database registers as a listener with this process and the process forwards the client requests on to the actual database system that handles the requested database instance.
  Since version 8i, these network connection processes can register additional listeners. Such a listener can even be registered for an existing database instance. The active listener interprets this as a new Oracle Real Application Clusters (RAC) node and uses the new listener to implement load balancing. In other words: every second database connection will be routed via the new listener.
  This security hole is particularly serious "because it allows remote and unauthenticated attackers to redirect the database's network traffic on the database server to an arbitrary server and then intercept it. All they need to know is the Oracle SID or Oracle service name."
  Immediate solution for non-cluster envernment:
  dynamic_registration_<listener> = off
  For Example:
  Step 1
  ======
  LSNRCTL> show dynamic_registration
  Connecting to (ADDRESS=(PROTOCOL=IPC)(KEY=XS2.WORLD))
  LISTENER parameter "dynamic_registration" set to ON
  The command completed successfully
  Step 2
  ======
  LISTENER =
  (DESCRIPTION_LIST =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = hostname)(PORT = 1521))
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
  SID_LIST_LISTENER =
  (SID_LIST =
  (SID_DESC =
  (SID_NAME = PLSExtProc)
  (ORACLE_HOME = /u01/app/oracle/product/11.2.0.2)
  (PROGRAM = extproc)
  (SID_DESC =
  (global_dbname = ORCL.hostname)
  (ORACLE_HOME = /u01/app/oracle/product/11.2.0.2)
  (sid_name = hostname)
  ADR_BASE_LISTENER = /u01/app/oracle
  INBOUND_CONNECT_TIMEOUT_ = 120
  DYNAMIC_REGISTRATION_LISTENER = off
  Conclusion:
  The attack is on the Listener itself - so if you want to prevent this attack, you need to secure that Listener, irrespective of its location.
  Note: Mandatory if we expose our Listener to an unsecured or public network (e.g. internet).
  As for Listeners running on your internal network - Internal network already needs to be compromised in order for the attack to occur.
  http://shanojkumar.wordpress.com/2012/05/23/oracle-security-alert-for-cve-2012-1675-tns-listener-poison-attack/

• Oracle TNS Poison vulnerability - CVE-2012-1675

  Oracle announced a zero day vulnerability today - http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html
  Looks like a man in the middle attack.
  For CF8 or CF9, can the native oracle driver be configured to use SSL/TLS?

  Rather than attempting to patch something without official patches and potentially breaking your license to use it, I suggest disabling listener dynamic registration and configuring a static local_listener parameter within your XE database.  The TNS poison vulnerability relies on dynamic listener registration, and by disabling it we should no longer have risk from this vulnerability.

• Oracle Security Alert for CVE-2012-1675

  Hi,
  I want to know more about recent release "Oracle Security Alert" : http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html
  Document available in https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1453883.1
  Fix is about Class of Secure Transport (COST). I need to know about elaborate steps to find out whether this change is need to apply to my databases or not.
  About my DBs : 10.2.4 , AIX, Nondefault Listener, Shared env , non RAC, local_listener is null & running in pfile.
  Thx,
  Gowin.

  Hello;
  Apply it. Very clean. Simple. No outage on Non-RAC. Biggest Impact is listener stop and start. Took about 3 minutes per server.
  Tested today and had zero issues. ( Assumed you understood a CONNECT was part of the test ). Zero issues.
  Had a thread on this here a few days ago :
  Oracle TNS Poison vulnerability
  See Oracle Support Note 1453883.1 for additional information.
  Best Regards
  mseberg
  With all due respect this isn't very hard. Make a decision.
  Edited by: mseberg on May 2, 2012 7:13 AM

• April 2012 CVE-2012-1675 sercuity alert - issues

  Thanks for taking my questions.
  We are windows 11g (non rac) The April Security Patche CVE-2012-1675 ID: 1453883.1
  This fix isn't working for me. STEP 4) Replace the tcp address in the database ….. errors.
  I did some more digging and found they updated the doc ID: 1453883.1 to include TCP but the first step is “OBTAIN AND APPLY THE PATCH FOR BUG:12880299. I can’t find this patch or bug.
  Has anyone tackeled this fix and got it to work?
  Thanks,
  Kathie

  Thanks everyone for the helpful information!! I sometimes have a real difficult time searching for stuff in Oracle Support so the forum is my reality check:)
  Anyway, I did get the ICP method to work. I think the entries in the network.ora file had to be in a specific order. After I changed the IPC entry before the TCP entry the change applied as excpected.
  My understanding is that either the IPC or the TCP change will protect you. If anyone knows something other than that please let me know.
  Thanks again for the help!
  Kathie

• Oracle FAILSAFE and CVE-2012-1675

  Folks,
  I'm running Oracle 10.2.0.3 {PATCH 29} on Windows32 with Oracle Failsafe 3.4.4.1. I've tried implementing the IPC fix and the dynamic_registration=OFF fix as prescribed and get the listener.log error listed below with either attempt. It doesn't look like either fix works for FAILSAFE.
  +07-MAY-2012 15:00:07 * service_register_NSGR * 1194+
  TNS-01194: The listener command did not arrive in a secure transport
  How do I implement this fix on my environment?
  Any and all help is GREATLY APPRECIATED!

  Hello;
  Did you do this ? :
  Plus for each database
  alter system set local_listener='(DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=REGISTER)))' scope = both;
  "With COST enabled for TCP attempts to register with the listener from anything other than the local system using TCP is rejected and an event is logged"
  TNS-01194
  Might look at these as an option :
  How to Add New Listeners in a Fail Safe Environment [ID 217096.1]
  How to protect a listener with a password in Oracle Fail Safe? [ID 333239.1]
  Best Regards
  mseberg
  Edited by: mseberg on May 7, 2012 12:36 PM
  Edited by: mseberg on May 7, 2012 12:45 PM

• How to validate CVE-2012-1675 and COST restriction

  Hello,
  I am curious to know about the test case to validate the COST and CVE 1675 implementation. I have 3 node cluster node running on 11.2.0.3.0 with SCAN. i tried to search in metalink but couldn't find any document which states about the test/validation case. Please help.
  Thanks,
  Pankaj

  I am not sure if you looking for steps to reproduce the vulnerability or just see what is the impact if its not patched.
  Here is a demo https://www.youtube.com/watch?v=hE3-AkxSX3w of what happens if patch is not applied.
  Hope this helps.
  Regards,
  NC
  Edited by: NC on Mar 28, 2013 2:40 AM

• IOracle Security Alert for CVE-2012-1675 Released April 30th, 2012.

  Kinldy let me know how ill I down load the patch for this . Currently we have Oracle DB on versions 10.2.0.4, 10.1.0 , 11.2.0.3 in RAC. Do we need to apply the patch for all these databases. I have no applied any patches after Oracle is installed , Can I update this patch directly or i need to apply the pervious patches before this
  I am a beginner and not a DBA , but i need to support the db also as part of application suppot. Kiindly help

  Patches are only available at Oracle's support site - https://support.oracle.com - access to which is granted only if you have a support contract with Oracle.
  After you download the patch(es), follow the steps in the README
  HTH
  Srini

• How to address CVE-2012-1675 with Oracle Express 11.2.0.2 release june 2014? No access to patches via the Oracle Critical Patch Update page..

  Where do we find the patch for Express user downloads? The Oracle Critical Patch Update site requires a valid support license.

  XE is not patch-able - there is no support available.

• CSV-2012-1675 IPC METHOD CORRECT

  Hi, I’m hoping someone can confirm I applied the csv-2012-1675 patch against the poison attack correctly? I applied the IPC method. A few days ago I started getting ORA-3136 on one of my servers. I need to rule out the poison attack as a possible cause!
  The instructions said I could use IPC method but it looks like it now has a TCP fix as well. I tried confirming the patch following instructions but I do not get the errors as described. My llistener "services" does show connecting as IPC.
  My server is a windows 11.1.0.7 NON-Rac used for our data warehouse. The data warehouse Informatica software is housed offsite so it does have an offsite client connection to another server. When I get an ORA-3136 error the data warehouse job also fails.
  Can anyone confirm the IPC patch method should work for my type of server OR why the COST test to see if it is working is not showing the expected error?
  Thanks for taking my questions!!
  Kathie

  Hi, I’m hoping someone can confirm I applied the csv-2012-1675 patch against the poison attack correctly? I applied the IPC method. A few days ago I started getting ORA-3136 on one of my servers. I need to rule out the poison attack as a possible cause!
  The instructions said I could use IPC method but it looks like it now has a TCP fix as well. I tried confirming the patch following instructions but I do not get the errors as described. My llistener "services" does show connecting as IPC.
  My server is a windows 11.1.0.7 NON-Rac used for our data warehouse. The data warehouse Informatica software is housed offsite so it does have an offsite client connection to another server. When I get an ORA-3136 error the data warehouse job also fails.
  Can anyone confirm the IPC patch method should work for my type of server OR why the COST test to see if it is working is not showing the expected error?
  Thanks for taking my questions!!
  Kathie

• TNS:listener does not currently know of SID given in connect descriptor

  Hi
  I have installed 11g on Windows 7, the startup & shutdown of DB is normal.
  But connecting to a particular DB is giving a problem:
  ORA-12505: TNS:listener does not currently know of SID given in connect descriptor
  in the listener.ora following entry is made:
  SID_LIST_LISTENER =
  (SID_LIST =
  (SID_DESC =
  (SID_NAME = sid_test)
  (ORACLE_HOME =$ORACLE_HOME)
  (PROGRAM = extproc)
  (SID_DESC =
  (GLOBAL_DBNAME = sid_test)
  (ORACLE_HOME = $ORACLE_HOME)
  (SID_NAME = orcl_test)
  LIST1 =
  (DESCRIPTION_LIST =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
  Also tried using ALTER SYSTEM REGISTER;
  still there is no connection being established.
  following outputs i am getting while connecting:
  SQL> connect test_db@tns_test
  Enter password:
  ERROR:
  ORA-12505: TNS:listener does not currently know of SID given in connect
  descriptor
  Warning: You are no longer connected to ORACLE.
  While running lsnrctl status command, following error is appearing:
  C:\Windows\system32> lsnrctl status list1
  LSNRCTL for 32-bit Windows: Version 11.1.0.6.0 - Production on 28-SEP-2012 10:35
  :38
  Copyright (c) 1991, 2007, Oracle. All rights reserved.
  Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521)))
  STATUS of the LISTENER
  Alias list1
  Version TNSLSNR for 32-bit Windows: Version 11.1.0.6.0 - Produ
  ction
  Start Date 28-SEP-2012 10:29:40
  Uptime 0 days 0 hr. 5 min. 58 sec
  Trace Level off
  Security ON: Local OS Authentication
  SNMP OFF
  Listener Parameter File XXXXXXXXXXXXXXXXXXXXXXXXXXXX\listener.ora
  Listener Log File XXXXXXXXXXXXXXXXXXXXX\log.xml
  Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC1521ipc)))
  The listener supports no services
  The command completed successfully
  Please help...!!!

  Hi Niket,
  Thanks for the reply, i tried following as well in the listener file (still the error persistes):
  list1 =
  (DESCRIPTION_LIST =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
  SID_LIST_LISTENER =
  (SID_LIST =
  (SID_DESC =
  (SID_NAME = sid_test)
  (ORACLE_HOME =$ORACLE_HOME)
  (PROGRAM = extproc)
  (SID_DESC =
  (GLOBAL_DBNAME = sid_test)
  (ORACLE_HOME = $Oracle_home)
  (SID_NAME = sid_test)
  The tnsnames.ora entry:
  tns_test =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
  (CONNECT_DATA =
  (SID = sid_test)
  )

• ORA-12505, TNS:listener does not currently know of SID given in connect des

  Hello,
  After installation of Oracle Database Express Edition 11g and Oracle SQL Developer 3.0, I tryed connect a database.
  Informations entered :
  Nom de connexion : xe_sys
  Nom utilisateur : sys
  Mdp : *********
  Type de connexion : de base, role sysdba
  Nom d'hote : POST1.compteUs.local
  Port : 1521
  SID : XE
  when I tested the connection I have this famous message that appears:
  Statut : échec -Echec du test : Listener refused the connection with the following error:
  ORA-12505, TNS:listener does not currently know of SID given in connect descriptor
  this is listener.ora :
  SID_LIST_LISTENER =
  (SID_LIST =
  (SID_DESC =
  (SID_NAME = PLSExtProc)
  (ORACLE_HOME = C:\oraclexe\app\oracle\product\11.2.0\server)
  (PROGRAM = extproc)
  (SID_DESC =
  (SID_NAME = CLRExtProc)
  (ORACLE_HOME = C:\oraclexe\app\oracle\product\11.2.0\server)
  (PROGRAM = extproc)
  LISTENER =
  (DESCRIPTION_LIST =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
  (ADDRESS = (PROTOCOL = TCP)(HOST = POST1.compteUs.local)(PORT = 1521))
  DEFAULT_SERVICE_LISTENER = (XE)
  this is sqlnet.ora :
  SQLNET.AUTHENTICATION_SERVICES = (NTS)
  this is tnsname.ora :
  XE =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = POST1.compteUs.local)(PORT = 1521))
  (CONNECT_DATA =
  (SERVER = DEDICATED)
  (SERVICE_NAME = XE)
  EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
  (CONNECT_DATA =
  (SID = PLSExtProc)
  (PRESENTATION = RO)
  ORACLR_CONNECTION_DATA =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
  (CONNECT_DATA =
  (SID = CLRExtProc)
  (PRESENTATION = RO)
  Can you help me please ?
  Thanks

  Thanks of help.
  here, commande 'lsnrctl stat' executed :
  LSNRCTL for 32-bit Windows: Version 11.2.0.2.0 - Production on 10-OCT. -2012 08:
  40:29
  Copyright (c) 1991, 2010, Oracle. All rights reserved.
  Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
  STATUS of the LISTENER
  Alias LISTENER
  Version TNSLSNR for 32-bit Windows: Version 11.2.0.2.0 - Produ
  ction
  Start Date 10-OCT. -2012 03:30:05
  Uptime 0 days 5 hr. 10 min. 24 sec
  Trace Level off
  Security ON: Local OS Authentication
  SNMP OFF
  Default Service XE
  Listener Parameter File C:\oraclexe\app\oracle\product\11.2.0\server\network\admin\listener.ora
  Listener Log File C:\oraclexe\app\oracle\diag\tnslsnr\POST1\listener\alert\log.xml
  Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC1ipc)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=POST1.compteUs.local)(PORT=1521)
  Services Summary...
  Service "CLRExtProc" has 1 instance(s).
  Instance "CLRExtProc", status UNKNOWN, has 1 handler(s) for this service...
  Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
  The command completed successfully
  So, I tryed :
  Informations entered :
  Nom de connexion : test
  Authentification OS
  Type connection : de base, role sysdba
  host name : POST1.compteUs.local
  Port : 1521
  Service name : XE
  And this is message erreur :
  Statut : échec -Echec du test : Listener refused the connection with the following error:
  ORA-12514, TNS:listener does not currently know of service requested in connect descriptor