From: Chitresh Sen (chitresh_sen@ftml.net)
Date: Thu Sep 01 2005 - 21:41:10 EDT
Dear All,
Vulnerability: Oracle TNS listener without password;
Implication: Remote attacker can control the listener;
In order to test the above vulnerability I had done the following:
1. Installed the Oracle 9i client on my laptop
2. Copy the lsnrctl.exe from Oracle 8 server
3. Configured the listener.ora file as follows
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = JUNK)(PORT = 1521))
)
)
But I am unable to execute the commands on remote listener and getting
the following error.
LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=JUNK)(PORT=152
1))(CONNECT_DATA=(SERVICE_NAME=chitresh)))
TNS-12538: TNS:no such protocol adapter
TNS-12560: TNS:protocol adapter error
TNS-00508: No such protocol adapter
TNS-12538: TNS:no such protocol adapter
TNS-12560: TNS:protocol adapter error
TNS-00508: No such protocol adapter
What can be the problem ? is it the version problem for lsnrctl.exe
because I was unable to get the Oracle 9i server lsnrctl.exe so I had
taken from oracle 8 server and copies all its dll and set the path to
execute it, or am I missing something.
Regards
Chitresh
-- Chitresh Sen chitresh_sen@ftml.net -- http://www.fastmail.fm - The way an email service should be ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:48 EDT