AnsweredAssumed Answered

QID19672,Oracle Database TNS Listener Poison Attack Vulnerability

Question asked by Waleed Alghamdi on Nov 28, 2018
Latest reply on May 15, 2019 by Tony Wong

QID: 19672 , Title: Oracle Database TNS Listener Poison Attack Vulnerability

Threat: "A vulnerability exists in the Listener component of Oracle Database Server. Easily exploitable vulnerability allows successful unauthenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Listener accessible data as well as read access to all Listener accessible data and ability to cause a partial denial of service (partial DOS) of Listener.
This vulnerability allows an attacker to perform a man-in-the-middle attack by registering an additional database instance in the TNS listener. The listener will then start load-balancing traffic to the new instance. This allows the attacker to receive the database transactions, record them and forward them to the original database. The attacker could also potentially modify the transactions and execute commands on the original database server.
This QID sends a request to register with the listener with the following command:
If the listener acknowledges and allows the scanner to register, then the QID is posted. If Oracle suggested solution is applied then the listener should not allow the scanner to register successfully.
Affected Products and Versions:
Oracle Database 11g Release 2, versions,,
Oracle Database 11g Release 1, version
Oracle Database 10g Release 2, versions,,
NOTE: Although Oracle Database prior to 10g versions are not listed in the Oracle advisory, older versions of Oracle not covered by their lifetime policy and as per advisory, they could be affected."



We are not in the affected version list, why Qualay is detecting us as our Oracle Database 11g Release 2, OS is Windows server 2012 R2