Red-Database-Security GmbH specializes in Oracle security

Oracle Exploit: Stop TNS Listener via lsnrctl

Name:             Stop TNS Listener via lsnrctl in 7 - 9i
Systems Affected: Oracle 7 / 8 / 8i / 9i
Severity:         High Risk
Category:         Denial of Service
Vendor URL:       http://www.oracle.com/
Credit:           Metalink Forum:650944.999
Exploit:          http://metalink.oracle.com
Date:             02 May 2005 (V 1.00)

Details

If a TNS listener is not password protected, anybody who can reach it can stop it (Denial of Service) by sending a STOP command. This can be done with the lsnrctl command, the tnscmd perl script or via tnsnames.ora.

Even if your TNS listener is protected by a firewall and only accessible via HTTP (e.g. from an application server), it is possible to shut down the listener, e.g. via iSQLPlus or Oracle Forms, Oracle Reports ...



Solution
Protect your TNS Listener with a password and ADMIN_RESTRICTIONS in the listener.ora.


Example
-- use the IP address of the database server
lsnrctl stop 192.22.33.44



Patch Information
No patch required. Protect your TNS Listener.


© 2005 by Red-Database-Security GmbH - last update 02-nov-2005

Hardening TNS-Listener

  • Use a strong password for all TNS listeners
  • Disable local OS authentication on Oracle 10g
  • Disable remote administration
  • Enable the listener log
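
The Solution and the hardening list above can be checked against a listener.ora file. The following Python sketch is an added example, not part of the original advisory: it reports every listener that has no PASSWORDS_<listener> entry, does not set ADMIN_RESTRICTIONS_<listener> = ON, or has LOGGING_<listener> = OFF. The sample files, the host name and the password hash are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample listener.ora files (host and hash are placeholders).
WEAK = """
LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1521)))
LOGGING_LISTENER = OFF
"""
HARDENED = WEAK.replace("LOGGING_LISTENER = OFF", """\
PASSWORDS_LISTENER = (0123456789ABCDEF)   # placeholder, set via change_password
ADMIN_RESTRICTIONS_LISTENER = ON
LOGGING_LISTENER = ON""")

def parse_top_level(text):
    """Return {UPPERCASE_NAME: value} for parameters outside any parentheses."""
    text = re.sub(r"#[^\n]*", "", text)           # drop comments
    depths, depth = [], 0
    for ch in text:                                # parenthesis depth per character
        depths.append(depth)
        depth += (ch == "(") - (ch == ")")
    keys = [m for m in re.finditer(r"(?<![\w.])([A-Za-z_][\w.]*)\s*=", text)
            if depths[m.start()] == 0]
    params = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(text)
        params[m.group(1).upper()] = " ".join(text[m.end():end].split())
    return params

def audit(text):
    """Map each listener name to the hardening settings it is missing."""
    params = parse_top_level(text)
    findings = {}
    for name, value in params.items():
        if "(ADDRESS" not in value.upper().replace(" ", ""):
            continue                               # not a listener definition
        issues = []
        if not params.get("PASSWORDS_" + name, "").strip("() "):
            issues.append("PASSWORDS_%s not set" % name)
        if params.get("ADMIN_RESTRICTIONS_" + name, "").upper() != "ON":
            issues.append("ADMIN_RESTRICTIONS_%s is not ON" % name)
        if params.get("LOGGING_" + name, "ON").upper() == "OFF":
            issues.append("LOGGING_%s is OFF" % name)
        findings[name] = issues
    return findings

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg))
```

An empty list for a listener means all three settings are in place; the check reads the file only and does not contact the listener.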