[ISN] Researcher misinterprets Oracle advisory, discloses unpatched database vulnerability

From: InfoSec News (alertsinfosecnews.org)
Date: Mon Apr 30 2012 - 02:08:59 CDT


https://www.computerworld.com/s/article/9226674/Researcher_misinterprets_Oracle_advisory_discloses_unpatched_database_vulnerability

By Lucian Constantin
IDG News Service
April 27, 2012

Instructions on how to exploit an unpatched Oracle Database Server
vulnerability in order to intercept the information exchanged between
clients and databases were published by a security researcher who
erroneously thought that the company had patched the flaw.

Oracle's April 2012 Critical Patch Update (CPU) advisory, published on
April 17, credited security researcher Joxean Koret for a vulnerability
he reported through cyberintelligence firm iSIGHT Partners.

In an email sent to the Full Disclosure mailing list on April 18, Koret
revealed that the vulnerability is located in the Oracle TNS Listener, a
component that routes connections from clients to Oracle database
servers depending on which database they are trying to reach.

TNS Listener has a default feature, introduced in 1999, that allows
clients to register a database service or database instance remotely
without authentication, Koret said.

[...]
