webappsec@securityfocus.com
[Top] [All Lists]

Re: Oracle TNS listener

Subject: Re: Oracle TNS listener
From: Esteban Martinez Fayo
Date: Fri, 2 Sep 2005 07:48:17 -0700 PDT
Chitresh,

To do what you are trying to you can use the tnscmd
tool:
http://www.jammed.com/~jwa/hacks/security/tnscmd/

Regards,
Esteban MF.

--- Chitresh Sen <chitresh_sen@xxxxxxxx> wrote:

> Dear All,
> 
> Vulnerability: Oracle TNS listener without password;
> Implication: Remote attacker can control the
> listener;
> 
> In order to test the above vulnerability I had done
> the following:
> 
> 1. Installed the Oracle 9i client on my laptop
> 2. Copy the lsnrctl.exe from Oracle 8 server
> 3. Configured the listener.ora file as follows
> 
> LISTENER =
>   (DESCRIPTION_LIST =
>     (DESCRIPTION =
>       (ADDRESS_LIST =
>         (ADDRESS = (PROTOCOL = TCP)(HOST =
> JUNK)(PORT = 1521))
>       )
>     )
> 
> But I am unable to execute the commands on remote
> listener and getting
> the following error.
> 
> LSNRCTL> status
> Connecting to
>
(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=JUNK)(PORT=152
> 1))(CONNECT_DATA=(SERVICE_NAME=chitresh)))
> TNS-12538: TNS:no such protocol adapter
>  TNS-12560: TNS:protocol adapter error
>   TNS-00508: No such protocol adapter
> 
>     TNS-12538: TNS:no such protocol adapter
>      TNS-12560: TNS:protocol adapter error
>       TNS-00508: No such protocol adapter
> 
> What can be the problem ? is it the version problem
> for lsnrctl.exe
> because I was unable to get the Oracle 9i server
> lsnrctl.exe so I had
> taken from oracle 8 server and copies all its dll
> and set the path to
> execute it, or am I missing something.
> 
> Regards
> Chitresh
> -- 
>   Chitresh Sen
>   chitresh_sen@xxxxxxxx
> 
> -- 
> http://www.fastmail.fm - mmm... Fastmail...
> 
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

<Prev in Thread] Current Thread [Next in Thread>