The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka TNS Poison.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Database_server | Oracle | 10.2.0.3 (including) | 10.2.0.3 (including) |
Database_server | Oracle | 10.2.0.4 (including) | 10.2.0.4 (including) |
Database_server | Oracle | 10.2.0.5 (including) | 10.2.0.5 (including) |
Database_server | Oracle | 11.1.0.7 (including) | 11.1.0.7 (including) |
Database_server | Oracle | 11.2.0.2 (including) | 11.2.0.2 (including) |
Database_server | Oracle | 11.2.0.3 (including) | 11.2.0.3 (including) |
Database_server | Oracle | 11.2.0.4 (including) | 11.2.0.4 (including) |