Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener

By default when you install Oracle the TNS Listener is on tcp port 1521. It handles network requests to be passed to a database instance. If it not appropriately secured commands can be sent to the listener, the listener can be shut down, or the databases can be queried. There have been a number of vulnerabilities over the years that have been actively exploited specific to the TNS Listener.

If you check the Dshield database for the last while port 1521 has appeared in the 'top 10' a number of times. It would appear as though if you install Oracle it is highly recommended not to expose it to the Internet (or any untrusted network). Obviously a number of people are actively looking for Oracle instances. http://www.dshield.org/port.html?port=1521

Some best practices for the TNS listener:

  • Restrict access to this port
  • Assign a password to the listener
  • Install patches


Some examples of CVE entries that involve the TNS Listener:
CVE-2008-2625, CVE-2007-5507, CVE-2007-2120, CVE-2006-0265, CVE-2005-3206, CVE-2005-3207, CVE-2004-1369, CVE-2003-1116, CVE-2002-1118, CVE-2002-0965, CVE-2002-0509, CVE-2002-0567, CVE-2001-0498, CVE-2001-0499, CVE-1999-0784, CVE-2000-0986

Some recommended reading: the Oracle Database Listener Security Guide http://www.scribd.com/doc/22455/Oracle-Database-Listener-Security-Guide

Please contact us if you have any comments or would like to add to this diary entry.

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

I will be teaching next: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques - SANS October Singapore 2020

Adrien de Beaupre

353 Posts
ISC Handler
Jan 25th 2011

Sign Up for Free or Log In to start participating in the conversation!