Oracle TNS Listener

[Joe Brown <joe_brown () senet-int com>]

Hello all,
I was performing a pen test and found a version of 
Oracle TNS listener that reports being vulnerable to 
bid 2941.  After contacting the client, the DBA told me 
that the patch crashed the apps on Oracle so, he 
implemented the Oracle workaround contained 
below.  He now wants to know if that elminates the 
vulnerability until he upgrades to a non-vulnerable 
version.  The workaround says to password protect 
the listener but, from what I have read, one doesn't 
need to authenticate to exploit this vulnerability.

Unfortunately, with little knowledge of Oracle and 
without proof of concept code, I don't know if this 
workaround is successful and if this vulnerability has 
been eliminated.  Any suggestions?

(from Oracle)
Workaround
~~~~~~~~~~
You must apply the patch as soon as it is available 
for your platform.  
However, an interim workaround until the patch is 
available for your
platform is
to password protect the listener.
Once the listener has been password protected the 
SET LOG_FILE and
SET TRACE_FILE commands in lsnrctl will not work 
without a password.

For instructions on how to password protect the 
listener see the following:

[NOTE:92602.1]  How to password protect your 
listener

In addition to setting the listener password you should 
also set up your 
permissions to limit who can has access to the 
listener.ora file and the 
lsnrctl executable.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/