On Fri, 20 Apr 2001, Stephen Oberther wrote:
> > Oracle 8 servers running Windows NT 4.0 (SP6) and does not require any
> > authentication credentials to succeed. I have not tried it on any other versions
> > or platforms.
>
> This works on Oracle 8 running on Solaris 8 as well. No credentials
> needed to do the name lookup either it just eats up a processor. Good
> thing it isn't threaded.
There were some remote DoS and general security bugs in the Oracle tnslsnr
in (at least) 8.1.6. This was reported to Oracle back in October 2000;
8.1.7 fixes the DoS and most of the security problems (TNS 'query leaking'
is still possible in 8.1.7 -- by sending tnslsnr a packet with a bogus length,
it's possible to see the contents of previous TNS packets. While this
won't reveal past SQL sessions, it does show usernames and other oddities.)
http://otn.oracle.com/deploy/security/alerts.htm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0818
http://xforce.iss.net/alerts/advise66.php
http://www.jammed.com/~jwa/hacks/security/tnscmd/ - my kludgy 'tnsping'
James
