DescriptionThe TNS Listener, as used in Oracle Database 11g 188.8.131.52, 184.108.40.206, and 220.127.116.11, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."
NVD CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
SUSE informationSUSE Bugzilla entry: 760074 SUSE Security Advisories:
- SUSE-SU-2012:0765-1, published Wed, 20 Jun 2012 16:08:22 +0200 (CEST)
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE Manager 1.2 for SLE 11 SP1|| ||Builds|
SAT Patch Nr: 6368