Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
By default when you install Oracle the TNS Listener is on tcp port 1521. It handles network requests to be passed to a database instance. If it not appropriately secured commands can be sent to the listener, the listener can be shut down, or the databases can be queried. There have been a number of vulnerabilities over the years that have been actively exploited specific to the TNS Listener.
If you check the Dshield database for the last while port 1521 has appeared in the 'top 10' a number of times. It would appear as though if you install Oracle it is highly recommended not to expose it to the Internet (or any untrusted network). Obviously a number of people are actively looking for Oracle instances. http://www.dshield.org/port.html?port=1521
Some best practices for the TNS listener:
- Restrict access to this port
- Assign a password to the listener
- Install patches
Some examples of CVE entries that involve the TNS Listener:
CVE-2008-2625, CVE-2007-5507, CVE-2007-2120, CVE-2006-0265, CVE-2005-3206, CVE-2005-3207, CVE-2004-1369, CVE-2003-1116, CVE-2002-1118, CVE-2002-0965, CVE-2002-0509, CVE-2002-0567, CVE-2001-0498, CVE-2001-0499, CVE-1999-0784, CVE-2000-0986
Some recommended reading: the Oracle Database Listener Security Guide http://www.scribd.com/doc/22455/Oracle-Database-Listener-Security-Guide
Please contact us if you have any comments or would like to add to this diary entry.
Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
Disable MS09-054 patch, or Firefox Plugin?
The .NET Framework 3.5 SP1 installs a “Windows Presentation Foundation” plug-in in Firefox. That in of itself may be cause for concern. But wait, there is more. MS09-054 was issued to address an IE vulnerability (CVE-2009-2529). As it turns out the vulnerability could also be exploited via Firefox. If you could launch XBAP using a browser the vulnerability could be exploited. For users of either browser it is recommended to disable XBAP. So essentially a security fix introduced additional issues? The irony is, well...
More information from Microsoft is available here.
So, if you use Windows, install patches, and also have Firefox, oddly enough you will want to read the following Microsoft KB article entitled "How to remove the .NET Framework Assistant for Firefox"
Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
Multiple Vulnerabilities in Cisco Wireless LAN Controllers
The title pretty much says it all. Please check out the Cisco advisory here.
Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
VMWare updates ESX
A duo announcements by VMWare highlight a new patch, and an updated one fixing their enterprise offering, ESX which addressed 51 CVE's worth of issues.
The majority of those however are within the Java Runtime (JRE) bundled with the product.
You can find more out on their list server where the following updates are released:
Steve Hall | ISC Handler
Comments
Anonymous
Dec 3rd 2022
9 months ago
Anonymous
Dec 3rd 2022
9 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
Anonymous
Dec 26th 2022
8 months ago
Anonymous
Dec 26th 2022
8 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
8 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
8 months ago
Anonymous
Dec 26th 2022
8 months ago
https://defineprogramming.com/
Dec 26th 2022
8 months ago
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
https://defineprogramming.com/
Dec 26th 2022
8 months ago
rthrth
Jan 2nd 2023
8 months ago