WebApp Sec mailing list archives

Re: Oracle TNS listener

From: Achim Hoffmann <kirke11 () securenet de>
Date: Fri, 2 Sep 2005 21:38:37 +0200 (MEST)

On Thu, 1 Sep 2005, Chitresh Sen wrote:

!! Dear All,
!!
!! Vulnerability: Oracle TNS listener without password;
!! Implication: Remote attacker can control the listener;
!!
!! In order to test the above vulnerability I had done the following:

I'd search for the perl tool tnscmd and use that.

{-: Achim

Current thread:

Oracle TNS listener Chitresh Sen (Sep 01)
- Re: Oracle TNS listener Achim Hoffmann (Sep 02)
- Re: Oracle TNS listener Esteban Martinez Fayo (Sep 02)