DescriptionThe TNS Listener, as used in Oracle Database 11g 220.127.116.11, 18.104.22.168, and 22.214.171.124, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
|National Vulnerability Database|
- SUSE-SU-2012:0765-1, published Wed, 20 Jun 2012 16:08:22 +0200 (CEST)
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE Manager 1.2 for SLE 11 SP1|| ||
SAT Patch Nr: 6368
Status of this issue by product and package
|SUSE Manager Server 1.2||oracle-update||Released|