Threat Level: green Handler on Duty: Scott Fendley

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener

Published: 2009-10-16
Last Updated: 2011-01-25 00:01:13 UTC
by Adrien de Beaupre (Version: 1)
0 comment(s)

By default when you install Oracle the TNS Listener is on tcp port 1521. It handles network requests to be passed to a database instance. If it not appropriately secured commands can be sent to the listener, the listener can be shut down, or the databases can be queried. There have been a number of vulnerabilities over the years that have been actively exploited specific to the TNS Listener.

If you check the Dshield database for the last while port 1521 has appeared in the 'top 10' a number of times. It would appear as though if you install Oracle it is highly recommended not to expose it to the Internet (or any untrusted network). Obviously a number of people are actively looking for Oracle instances. http://www.dshield.org/port.html?port=1521

Some best practices for the TNS listener:

  • Restrict access to this port
  • Assign a password to the listener
  • Install patches


Some examples of CVE entries that involve the TNS Listener:
CVE-2008-2625, CVE-2007-5507, CVE-2007-2120, CVE-2006-0265, CVE-2005-3206, CVE-2005-3207, CVE-2004-1369, CVE-2003-1116, CVE-2002-1118, CVE-2002-0965, CVE-2002-0509, CVE-2002-0567, CVE-2001-0498, CVE-2001-0499, CVE-1999-0784, CVE-2000-0986

Some recommended reading: the Oracle Database Listener Security Guide http://www.scribd.com/doc/22455/Oracle-Database-Listener-Security-Guide

Please contact us if you have any comments or would like to add to this diary entry.

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

0 comment(s)

Disable MS09-054 patch, or Firefox Plugin?

Published: 2009-10-16
Last Updated: 2011-01-25 00:00:49 UTC
by Adrien de Beaupre (Version: 1)
2 comment(s)

The .NET Framework 3.5 SP1 installs a “Windows Presentation Foundation” plug-in in Firefox. That in of itself may be cause for concern. But wait, there is more. MS09-054 was issued to address an IE vulnerability (CVE-2009-2529). As it turns out the vulnerability could also be exploited via Firefox. If you could launch XBAP using a browser the vulnerability could be exploited. For users of either browser it is recommended to disable XBAP. So essentially a security fix introduced additional issues? The irony is, well...

More information from Microsoft is available here.

So, if you use Windows, install patches, and also have Firefox, oddly enough you will want to read the following Microsoft KB article entitled "How to remove the .NET Framework Assistant for Firefox"

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

2 comment(s)

Multiple Vulnerabilities in Cisco Wireless LAN Controllers

Published: 2009-10-16
Last Updated: 2011-01-25 00:00:27 UTC
by Adrien de Beaupre (Version: 2)
2 comment(s)

The title pretty much says it all. Please check out the Cisco advisory here.

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

Keywords: cisco
2 comment(s)

VMWare updates ESX

Published: 2009-10-16
Last Updated: 2009-10-16 18:12:04 UTC
by Stephen Hall (Version: 1)
0 comment(s)

A duo announcements by VMWare highlight a new patch, and an updated one fixing their enterprise offering, ESX which addressed 51 CVE's worth of issues.

The majority of those however are within the Java Runtime (JRE) bundled with the product.

You can find more out on their list server  where the following updates are released:

VMSA-2009-0014

VMSA-2009-002.1

Steve Hall | ISC Handler

 

Keywords: esx vmware
0 comment(s)
Diary Archives