Oracle TNS Listener

From: Chitresh Sen (chitresh_sen@ftml.net)
Date: Thu Sep 01 2005 - 21:41:10 EDT

• Next message: Marco Monicelli: "Re: Hacking to Xp box"
• Previous message: Craig Wright: "RE: Business justification for pentesting"
• Next in thread: Michael Gargiullo: "RE: Oracle TNS Listener"
• Maybe reply: Michael Gargiullo: "RE: Oracle TNS Listener"
• Maybe reply: Chitresh Sen: "RE: Oracle TNS Listener"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Dear All,

Vulnerability: Oracle TNS listener without password;
Implication: Remote attacker can control the listener;

In order to test the above vulnerability I had done the following:

1. Installed the Oracle 9i client on my laptop
2. Copy the lsnrctl.exe from Oracle 8 server
3. Configured the listener.ora file as follows

LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = TCP)(HOST = JUNK)(PORT = 1521))
      )
    )

But I am unable to execute the commands on remote listener and getting
the following error.

LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=JUNK)(PORT=152
1))(CONNECT_DATA=(SERVICE_NAME=chitresh)))
TNS-12538: TNS:no such protocol adapter
TNS-12560: TNS:protocol adapter error
  TNS-00508: No such protocol adapter

    TNS-12538: TNS:no such protocol adapter
     TNS-12560: TNS:protocol adapter error
      TNS-00508: No such protocol adapter

What can be the problem ? is it the version problem for lsnrctl.exe
because I was unable to get the Oracle 9i server lsnrctl.exe so I had
taken from oracle 8 server and copies all its dll and set the path to
execute it, or am I missing something.

Regards
Chitresh

-- 
  Chitresh Sen
  chitresh_sen@ftml.net
-- 
http://www.fastmail.fm - The way an email service should be
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Marco Monicelli: "Re: Hacking to Xp box"
• Previous message: Craig Wright: "RE: Business justification for pentesting"
• Next in thread: Michael Gargiullo: "RE: Oracle TNS Listener"
• Maybe reply: Michael Gargiullo: "RE: Oracle TNS Listener"
• Maybe reply: Chitresh Sen: "RE: Oracle TNS Listener"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:48 EDT