RE: Oracle TNS Listener

• Previous message: dave@fred.net: "Re: Oracle TNS Listener"
• In reply to: Joe Brown: "Oracle TNS Listener"
• Next in thread: James W. Abendschan: "Re: Oracle TNS Listener"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Aaron C. Newman" <aaron@newman-family.com>
To: "Joe Brown" <joe_brown@senet-int.com>, <pen-test@securityfocus.com>
Date: Wed, 19 Dec 2001 13:56:18 -0500

Joe,

You can download an evaluation version of AppDetective for Oracle from
www.appsecinc.com. It will find holes in Oracle such as no listener
password, default passwords, weak passwords, buffer overflows,
misconfigurations, etc...

Regards,
Aaron

_____________________________________________
Aaron C. Newman
CTO/Founder
Application Security, Inc.
Tel: 212-490-6022
Fax: 212-490-6456
E-mail: anewman@appsecinc.com
Web: www.appsecinc.com
Application Security, Inc.
- Protection Where it Counts -

-----Original Message-----
From: pen-test-return-1495-aaron=newman-family.com@securityfocus.com
[mailto:pen-test-return-1495-aaron=newman-family.com@securityfocus.com]O
n Behalf Of Joe Brown
Sent: 17 December 2001 10:02
To: pen-test@securityfocus.com
Subject: Oracle TNS Listener

 Hello all, I'm currently performing a pen-test and have found a remote
machine with TCP port 1521 open. I have read information about an Oracle
TNS listener vulnerability but, can't find any more information. Can
anyone point me in the right direction? Thanks.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Previous message: dave@fred.net: "Re: Oracle TNS Listener"
• In reply to: Joe Brown: "Oracle TNS Listener"
• Next in thread: James W. Abendschan: "Re: Oracle TNS Listener"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages [NEWS] Vulnerability in Oracle 9i Database Server Leads to Remote Compromise ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Oracle version 9 ... functions exported by operating system libraries or Dynamic Link ... requests that the Listener load the relevant library, ... (Securiteam) [NEWS] Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... * Oracle 8i ... Connecting to the Oracle TNS listener and issuing ... attacker keeps the original connection open. ... (Securiteam) Oracle TNS Listener DoS (#NISR2122004F) ... NGSSoftware Insight Security Research Advisory ... Oracle 10g TNS Listener DoS ... (NT-Bugtraq) Oracle TNS Listener DoS (#NISR2122004F) ... NGSSoftware Insight Security Research Advisory ... Oracle 10g TNS Listener DoS ... (Bugtraq) [VulnWatch] Oracle TNS Listener DoS (#NISR2122004F) ... NGSSoftware Insight Security Research Advisory ... Oracle 10g TNS Listener DoS ... (VulnWatch)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint